
Comment: Re:The United States is turning into Untied States (Score 1) 97

by chihowa (#48438751) Attached to: Top NSA Official Raised Alarm About Metadata Program In 2009

The reality is human beings just aren't intelligent enough to form long lasting social orders because too many people have negative evolutionary characteristics they've inherited from the past. Our primate psychology is at the root of everything regardless of what collection of words and labels one flies under. The biology is still there.

Those negative characteristics are only negative in the context of forming long lasting social orders (really only in the context of forming long lasting egalitarian social orders -- dynastic empires last longer than most of our social structures). They are extremely positive in the context of the affected individuals and in the case of avarice, they are beneficial to the affected's offspring (and their offspring, and so on). There is extreme benefit to be had from sabotaging the social order and norms.

We humans are intelligent enough to form effective and equitable social structures, we just don't have the collective stomach for removing the saboteurs from our society. So we/they continue to undermine every system we devise.

Comment: Re:The problem is always the client (Score 1) 92

by chihowa (#48429041) Attached to: WhatsApp To Offer End-to-End Encryption

Of course it sends the keys to WhatsApp! If you install the client on a second phone, it just works, right?

So they're either:
1) generating a new key on each device and encrypting all incoming messages to every client's public key (or just encrypting the session key, a la PGP. -- While this isn't sending the key back to the mothership, new keys can be added at will, so copying traffic is easy.)

2) generating one key per account and shuffling it to newly installed clients through their server (possibly encrypted with the user's password... which they already know)

3) generating a key from the user's password directly with PBKDF2 or the like (a la SpiderOak, but (like SpiderOak) the client is closed source and they already know your password or could get it easily).

4) randomly assigning a symmetric key to each session and communicating it in-band to the clients involved in the chat.

Personally, I think 3 or 4 are the most likely because the infrastructure is the easiest and it still carries "end-to-end encryption" buzzword compliance.

The single hardest part of properly using encryption is key management. It's also the most vulnerable aspect of even weak crypto. Anything that simplifies this for end users, without requiring anything of them, is likely making serious security/convenience compromises.

[I'm still a big fan of hardware tokens for key storage and decryption. It greatly simplifies user key management while giving the user something familiar to associate their "key" with. It's not perfectly secure, but having to compromise a smartcard secure element requires more of the adversary.]
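Added example, not part of the original comment and not WhatsApp's code: for scenario 1 above (per-device keys handed out by the server), a client can pin the fingerprints of a contact's device keys and refuse to wrap a session key to a key the user has not approved. The class name, contact name and key bytes are constructed for illustration.

```python
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """Short SHA-256 fingerprint that two users could compare out of band."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class DevicePinStore:
    """Trust-on-first-use pins: contact -> set of approved key fingerprints."""

    def __init__(self):
        self._pins = {}

    def check(self, contact, directory_keys):
        """Compare the server-supplied key list against the pinned set."""
        seen = {fingerprint(k) for k in directory_keys}
        if contact not in self._pins:
            # First contact: nothing to compare against, so pin what we see.
            self._pins[contact] = set(seen)
            return {"status": "first_use", "new": sorted(seen), "missing": []}
        pinned = self._pins[contact]
        new = sorted(seen - pinned)        # keys the server added since pinning
        missing = sorted(pinned - seen)    # keys the server stopped listing
        status = "changed" if (new or missing) else "ok"
        return {"status": status, "new": new, "missing": missing}

    def approve(self, contact, fp):
        """Record that the user verified this fingerprint with the contact."""
        self._pins.setdefault(contact, set()).add(fp)

    def allowed_keys(self, contact, directory_keys):
        """Keys it is acceptable to wrap the session key to: pinned ones only."""
        pinned = self._pins.get(contact, set())
        return [k for k in directory_keys if fingerprint(k) in pinned]


if __name__ == "__main__":
    # Constructed sample keys (placeholders, not real key material).
    phone = b"constructed-public-key-phone"
    extra = b"constructed-public-key-added-by-server"
    store = DevicePinStore()
    print(store.check("alice", [phone]))         # first_use
    print(store.check("alice", [phone, extra]))  # changed: one new key
    print(len(store.allowed_keys("alice", [phone, extra])))  # 1
```

The pin on first use is only as good as that first key list, which is why the fingerprint is short enough to read aloud and compare over another channel.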

Comment: Re:Wait what? (Score 1) 163

by chihowa (#48426259) Attached to: US Gov't Seeks To Keep Megaupload Assets Because Kim Dotcom Is a Fugitive

In the end, I wouldn't be surprised if any case the US had at all for extradition is ruined by all of the misdeeds they've done in their attempt to 'get' him. They're really overplaying their hand here (as the DoJ has a tendency to do) and it's going to end up biting them (as has happened several times in the past).

Comment: Smarthost setup (Score 1) 405

by chihowa (#48380167) Attached to: Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server?

I'm in the same boat and I've found that just sending all of my domain's email through Comcast's servers works well enough. I hate doing this on principle, but it has saved me so much hassle that it's not worth fighting.

Depending on your MTA, the configuration will be different, but the arrangement is generally referred to as using a Smart Host. Basically, your MTA directly connects to the ISP's SMTP server and sends the mail from there. Comcast requires authentication to use their servers, but they don't do anything funky to the mail they pass on. All of the headers remain intact except for the DKIM-Signature, which is replaced(?) when Comcast signs the message. I've never had a bounced message that I rerouted through their servers and they support TLS and IPv6, so it's not the worst setup.

I'm sure that if you share your MTA details, someone can help you with the configuration.

Comment: Re:I'm black and in tech (Score 1) 458

by chihowa (#48363021) Attached to: Black IT Pros On (Lack Of) Racial Diversity In Tech

As an aside, I see a lot of Caucasian dudes in IT, sure, but "white" isn't a race any more than "black" or "brown" is. There's a lot of variety of cultural heritage when it comes to "white" folks. Italians. Scandinavians. Greeks. Icelanders. Canadians. French.

White is a more valid descriptor than Caucasian since most "white people" aren't from the Caucasus region. It's fascinating (in a disgusting sort of way) that people have latched onto that term to describe white people. The term "Caucasian" itself is pretty heinous, being coined by Christoph Meiners as part of his theory of polygenism, where he described black people as basically being subhuman animals.

I think "white", "black", "red" or whatever is the least racist form of descriptor since it makes no assumptions of identity, culture, or heritage. The color of our skin is certainly useful as a means of physically describing someone: the tall black man or the brown-haired white woman. Anything more than that presumes to make important inferences about a person based on the color of their skin (read: prejudice).

Comment: Re:So much for Angela Merkel's commitment to priva (Score 1) 59

by chihowa (#48360119) Attached to: German Spy Agency Seeks Millions To Monitor Social Networks

...spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic.

There's more to the world "outside of Germany" than just the US. Your response falls squarely into the "...but the US is doing it, too!" line of reasoning. If citizens of other countries are pissed at being spied on by the NSA, why wouldn't they also be pissed at being spied on by the BND?

Comment: Re:Not just cameras (Score 1) 321

They get away with it because people put up with it.

They get away with it because it's hidden from the customers.

Most people who bought the sensor either went to and were delighted to see the sensor data there or didn't go to the website, didn't see the option in the configuration, and never even knew it was happening.

If every single person who noticed and cared that this was happening returned the item, those returns would likely still count fewer than returns of units that should have failed QA. The whole thing wouldn't make a blip on the manufacturer's radar and they'd keep getting away with it. Informed and savvy users are not very common and almost never figure into these businesses' decisions.

Comment: Re:This is missing one of Silk Road's major featur (Score 1) 108

The problem is, there is no crime between two willing people.

That's a bit of an oversimplification. There's a whole class of crimes that involve willing, if misinformed or deceived, people: fraud.

And while the definition of "willing" is debatable, the impact of consent is also subject to reasonable (IMHO) constraints, as with minors or people of otherwise diminished capacity (drugged, intoxicated, or mentally retarded). Once you start accounting for the nuances of reality, your maxim doesn't have quite the same truthy ring to it anymore.

Comment: Re:Lol! (Score 0) 389

Boo hoo.

Why would your government bother to act in your interest when you are so willing to blame others for them selling you down the river?

Trade retaliations are in violation of international treaty. If you stop rolling over and taking it, maybe the bully will stop dishing it out...

Comment: Re:Auditors, auditors (Score 2) 208

by chihowa (#48325609) Attached to: PC Cooling Specialist Zalman Goes Bankrupt Due To Fraud

Auditors are there to prevent stupid and/or low level employees from robbing the company. When the CEO is involved? The auditors are useless.

I'd say that it's actually the opposite situation. Auditors are there so that all of the information doesn't come directly from upper management. If management needs the cooperation of all of the rank-and-file to commit fraud, then the whole organization is a criminal operation or somebody's going to blow the whistle.

Upper management are the people who benefit the most from fraudulent schemes like these. How many low level employees are going to take on criminal liability so that the CxOs can roll in their piles of cash?

Comment: Re:Lol! (Score 2, Informative) 389

You had me until this:

Thanks, America ... this really is your fault.

By blaming the malice or incompetence of the rest of the world's governments on the dirty stinking Americans, you absolve everybody else of responsibility for their actions. Bad American laws are internalized by other countries (especially OECD members) because their lawmakers have the same goals.

Comment: Apps? (Score 1) 96

by chihowa (#48314593) Attached to: EFF Begins a Campaign For Secure and Usable Cryptography

Why is the focus here on "apps" instead of protocols? Wouldn't it make the most sense to decide on suitable protocols and work forward from there? Many of the tools that are scored use the same underlying protocol and thus pass/fail the same criteria.

Several of the criteria are not ever likely to be met by most "tech companies" (available for independent review or audit), so why not push a set of robust protocols and encourage everyone to adopt them? A thousand messaging "apps", each with their own incompatible protocol is a security nightmare and only builds impediments to communication (users settle for the least secure, most commonly available protocol).

Comment: Re:LOL ... Scores of Hectares? (Score 2) 94

by chihowa (#48267141) Attached to: Drones Could 3D-Map Scores of Hectares of Land In Just a Few Hours

You're having a hard time seeing the problem here because you're familiar with the units. FWIW, what you're feeling right now (the whole, "what's the problem?" feeling), is exactly how people in the US feel about their non-metric units. I use SI every day for work, so I'm familiar with metric (and like it very much), but not with the customary metric units (which break the elegance of SI to make people feel comfortable).

The issue with the units we've been discussing is "due to the many different conversion factors". All of the factors are multiples of ten, which helps, but the nice consistency in order of magnitude is lost. For example, mass is measured in grams and masses larger or smaller than a gram can be denoted by changing the order of magnitude associated with "gram"... except if the mass is above 10^6, in which case a new unit is used without a prefix (or sometimes with one). Converting between megagrams and milligrams is easy, as metric should be. But converting between tens of thousands of tonnes and milligrams is much less elegant.

You'll keep your tonnes and hectares for the same (invalid) reasons as Americans (and sometimes Brits) will keep their odd units and no argument will convince them otherwise.

Comment: Re:LOL ... Scores of Hectares? (Score 1) 94

by chihowa (#48265575) Attached to: Drones Could 3D-Map Scores of Hectares of Land In Just a Few Hours

I understand the rationalization for the creation of new units. What is happening with these new units, though, is the birth of a customary system. The origins of this particular customary system will be much more rational than any that came before it, but it will be just as clumsy and inconsistent as any other in the end. It's not that bad now, but wait until more silly units are made and people forget what twisted rationalizations begat those units.

You could use 1 square hectometer synonymously with 1 hectare, but that's a mouthful, and the are was a (redundant) part of an early proposal for the metric system, so the more convenient hectare stuck.

What you're describing here is, quite literally, a "customary" system.

Likewise for the tonne: 1 megagram just sounds gaga.

You've totally lost me here. "Megagram" is one of the most awesome unit names in existence. Seriously, work it in to conversation the next time you'd use tonne and see how much better the world is because of it.
