Forgot your password?
typodupeerror

Comment: Let's sell child porn to The Netherlands (Score 1) 41

by Sloppy (#47522331) Attached to: Dutch Court Says Government Can Receive Bulk Data from NSA

Though we'll face some risks from our own governments, it's a relief to know at the Dutch government would have no problem with me selling kiddie porn (as long as it was made in America) to Dutch citizens. "No crime happened here, within our jurisdiction," they'd say.

In fact, the Dutch government should tolerate our new businesses even more than this NSA thing, since the victims (whereever their rights were violated) won't even be Dutch citizens. No Netherlander will have any reason to say their government let them down.

Comment: Re:New SSL root certificate authority (Score 1) 129

by Sloppy (#47508375) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

Thanks for the insult. It hardly stung.

Unless you worked at Netscape in the mid-1990s, no insult was intended.

All I meant is that by the very early 1990s, we (and by "we" I mean people smarter than me; I was clueless at the time) had a pretty good idea that CAs wouldn't work well outside of real power hierarchies (e.g. corporate intranets). But then a few years later the web browser people came along and adopted X.509's crap, blowing off the more recent PKI improvements, in spite of the fact that it looked like it wouldn't work well for situations like the WWW.

Unsurprisingly, it didn't work well. Organizing certificate trust differently than how real people handle trust, 1) allows bad CAs to do real damage, and 2) undermines peoples' confidence in the system.

A very nice way of saying this, is that in hindsight, the predicted problems are turning out to be more important than we thought most people would care about. ;-) It's almost as though now (no fair! you changed the requirements!!) people want SSL to be secure.

Keeping the same organization but with new faceless unaccountable trust-em-completely-or-not-at-all root CAs won't fix the problem. Having "root CAs" is the problem, and PRZ solved it, over 20 years ago.

I expect you to start the project shortly.

It's a little late to start, but I do happen to still be running an awful lot of applications (web browser being the most important one) which aren't using it yet.

Comment: Re:Secure pairing is hard (Score 1) 131

by Sloppy (#47507817) Attached to: The "Rickmote Controller" Can Hijack Any Google Chromecast

How does Diffie-Hellman key exchange provide identification of the other party? .. It is not possible to determine who the other party is

It's possible. It requires an extra piece beyond the DH, but that extra piece isn't PKI. The user is the trusted introducer. The user looks around and says "Yep, these are the only two devices physically here that I have ordered to peer, right now." They are identified by being in the right place at the right time, triggered by the user saying "Now." That's a pretty good way to do things unless you're just totally surrounded by spies.

Comment: Re:Technology is only a small part of the problem (Score 1) 129

by Sloppy (#47500695) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

It's a small part, but it's a part. I think Snowden has done his fair share of trying to inform laymen and stir up giving-a-fuck. If he wants to switch to working on tech, he could accomplish nothing and still come out far ahead of the rest of us. ;-)

The existence of a decent open-source router can't do much against a U.S. National Security Letter.

While we certain should care enough to force our government to stop being our adversary, there will always nevertheless be adversaries. You have to work on the tech, too. Even if you totally fixed the US government, Americans would still have to worry about other governments (and non-government parties, such as common criminals, nosey snoops, etc), where you have no vote at all. You will never, ever have a total social/civic solution which relies on, say, 4th Amendment enforcement to keep your privacy. I'm not saying your chances are slim; I'm saying they're literally 0%.

Furthermore, getting our tech more acceptable to layment acually would correct some of the problems inherent with NSLs, improving the situation even in a we-still-don't-give-a-fuck society. If you do things right, then the person they send the NSL to, is the surveillance target. The reason NSLs (coercion with silence) works is that people unnecessarily put too much trust into the wrong places.

For example, Bob sends plaintext love letters to Alice, so anyone who delivers or stores the love letters, can be coerced into giving up the contents. OTOH if they did email right, then if someone wanted to read the email Bob sent to Alice, they'd have to visit Bob or Alice. That squashes the most egregious part of NSLs, where the victim doesn't even get to know they're under attack.

That's true whether we're talking about email, or even if Bob and Alice get secure routers and VPN to each other. One of them gets the NSL ordering them to install malware on their router.

Comment: Re:New SSL root certificate authority (Score 2) 129

by Sloppy (#47500451) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

A nice step ahead would be the establishment of a new set of root certificates...

The lesson of CA failure is that there shouldn't be root authorities. Users (or the people who set things up for them, in the case of novices) should be deciding whom they trust and how much, and certificates should be signed by many different parties, in the hopes that some of them are trusted by the person who uses it.

If you want to catch up to ~1990 tech, then you need to remove the "A" in "CA."

Comment: Lame article (Score 1) 187

by Sloppy (#47500367) Attached to: The Almost Forgotten Story of the Amiga 2000

Clicked (thought submitter screwed up the link and linked to a page that links to the article, rather than linking to the article), expecting to find a story about a forgotten A2000: maybe someone walked into an office in 2014 and saw that one was in use. Or someone knocked down a wall in 2014 and found one bricked up but still powered up. Instead, found a page telling everyone what A2000s are. Duh. Where's the "forgotten" part? All that I can tell that was forgotten, is that the writer forgot his elementary school spelling and punctuation lessons.

Comment: Re:Why is there a debate at all? (Score 1) 278

by Sloppy (#47466499) Attached to: The debate over climate change is..

Why is there a debate at all?

Because people want it. Suppose (just hypothetically) you were getting a subsidy from the public, and that the subsidy served no useful purpose. Then suppose someone said, "Hey, this is getting expensive and unless we change the rules for how we compute your subsidy, it's going to get more expensive in the future."

You would call for debate. Why wouldn't you? What've you got to lose?

Futhermore, if you lost that debate, and then people started saying, "Let's change the rules for your subsidy, either eliminating or reducing it," you would call for debate, because since your subsidy serves no useful purpose, the rational course of action is going to be to eliminate your subsidy.

I think we're pretty much now at the stage, where we should start seeing some some great arguments for how pollution reduces crime (and pollution solves some other social problems as well), and that if you want to be tough on crime (and address other social ills), then we need to increase pollution. (That'll be the liberal argument, put forth by Republicans.)

This will be countered by the argument that increasing pollution just makes industries become dependent upon pollution, cleaning up the pollution is needlessly expensive, and industries that pollute could be just as productive without the pollution. (That's the conservative argument, put forth by Democrats.)

Comment: Re:105 megabits per second (Score 1) 401

by Sloppy (#47462021) Attached to: Comcast Customer Service Rep Just Won't Take No For an Answer

That's why I think internet speed should be measured in Gigabytes per month. Seriously. About once per week I get snailspam from CenturyLink, wanting me to upgrade from 7 bullshit units to 20 bullshit units. Except each "plan" is the same number of Gigabytes per month. So how it is an "upgrade?" Oh, if I give you more money, I'll be able to hit my cap faster? That's silly.

Now if you're telling me my cap will change from 200GB to 571GB, that is an upgrade I might be willing to pay for. Because then you'd be talking actually-relevant numbers.

Comment: Re:OK (Score 1) 79

by Sloppy (#47457691) Attached to: Led By Nest, 'Thread' Might Be Most Promising IoT Initiative Yet

What I don't want to see are solutions that are dependent on outside resources

This is totally understandable but TFA is about a tech, not a product. Relax. I think the whole point of this is that people will be able to build stuff out of this. i.e. you'll google "arduino thread" and instead of just seeing programmers talk about concurrency, you'll also see some networking stuff in your search re--

Fuck. Guys, why did you have to call it "Thread?" WTF were you thinking? I declare: strike one.

Comment: Re: Maybe, maybe not. (Score 1) 749

by Sloppy (#47453533) Attached to: Obama Administration Says the World's Servers Are Ours

You cannot serve warrents to search property in other countries.

You can if it's controlled by someone in your country. When point a gun at someone's face who is in the same room as you, all kinds of things are possible.

If they say no or "hard drive crashed" then you do something, and then ask "who had been the second largest stockholder? You're now the largest (after us)."

Comment: Re:As plain as the googgles on your face (Score 1) 56

by Sloppy (#47427477) Attached to: The Future of Wearables: Standalone, Unobtrusive, and Everywhere

As intrusive as the Google Glass has proven to be, it will only be worse when observation recording tech is more difficult to detect.

I disagree. The exact opposite: when people stop noticing, they will stop caring. It won't be perceived as intrusive anymore, and people will be less annoyed by it.

It's the conspicuousness of the camera in Google Glass, the constant reminder that you might be recorded, that makes most people feel creeped out. For the previous decade leading up to that product, nobody cared about small+cheap camera tech itself. And people walk/drive by fixed-position cameras all the time, and don't give a fuck there either. Peoples's behavior shows that "intrusiveness" happens when a cameras looks like a camera, and I suspect it also has something to do with being face-level, literally "in your face" and you're making eye contact with it, unlike the case with less conspicuous cameras. It was never about privacy; it's some aspect of self-consciousness kind of related to privacy, but a different thing.

You might say "maybe you, but I sure care. Hell yes it's about privacy." Of course you say that. I'm talking about how people behave and the emotions they display. Not their innermost secret thoughts that they are always terrified to express in voting booths or policy decisions, yet are happy to speak of on the Internet.

You know, the Internet, where they don't have a camera in their face making them all self-conscious! The Internet, where instead of a terrifying 1x1 pixel image that makes you think "WTF is that? That's weird! Are you watching me?" you now instead see a bunch of "like buttons" which are obviously for liking things, not getting your browser to send a request to an unrelated tracking server.

In addition, there's a certain inevitability about it all. The cameras have been there a long time, there are more today, and there will be even more tomorrow. You can't do anything about it, except stay at home. So you'll either accept or you'll go insane and get selected out. You'll handle it. (Contrast that to Google Glass, the one small camera out of the hundreds out there, that you actually recognize and is also rare enough that there's little social cost to shunning. With GG you can refuse to accept and also stay within social norms, so GG is different.)

Comment: Re:Bitcoin isn't money but it's still a financial (Score 1) 135

by Sloppy (#47424471) Attached to: Judge Shoots Down "Bitcoin Isn't Money" Argument In Silk Road Trial

Bitcoin's primary purpose is to traffic/launder money and goods.

Objection. Will stipulate that its primary purpose is to traffic. But I call mega-bullshit on its primary or even secondary purpose being to launder, though there might be a way one could use Bitcoin for that.

fortune: not found

Working...