Comment: Re:Socketed Firmware Here We Come (Score 4, Insightful) 120

by gclef (#49291399) Attached to: Persistent BIOS Rootkit Implant To Debut At CanSecWest

Yeah, but it immensely complicates incident recovery. Rebuilding a compromised system isn't enough if you can't trust the BIOS anymore. It's only a matter of time before the compromised BIOSes adapt to re-compromise the new BIOS as it's written, so re-flashing the BIOS of a compromised computer isn't a good long-term fix.

Does this make a compromised computer basically a paperweight? That's going to turn IT into a really expensive scene really quickly.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1) 406

by gclef (#49127589) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

A few more thoughts:

1) Part of the reason this whole thing is coming up is that Apple said that they were going to modify the encryption on iPhones so that they couldn't decrypt them either. It's at that point that the big push for breakable encryption started. So, saying that this is just about companies giving the NSA data that the companies already have isn't true. A subpoena/NSL/FISA court order is sufficient for legal access to data that the companies already have. If that were all the NSA/FBI/etc wanted, then they already have the tools to get that data.

2) Given that, it is imperative upon the people asking for the change to explain why subpoenas/NSLs/FISA court orders are insufficient. I haven't heard a single thing about that, *except* in the context of companies like Apple enabling encryption and *not* escrowing the keys. That puts a lie to the idea that this is just about accessing data that the companies already have.

Lastly, please don't make "talk like adults" sideswipes...you're assuming bad faith on the part of your commenters, (me, in this case) which you have no evidence of. This is a very passive-aggressive way of insulting your debate partner. If you'd really like to debate, this is not helpful.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Interesting) 406

by gclef (#49121283) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

There are multiple problems with your statement. Let's look at them all, shall we:

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law

No. The trigger for this isn't that companies are holding data...it's that users have data, and the NSA wants to force the companies to keep/get access to their users' data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its users' data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data

Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

then I would ask what you think about the German and Japanese codes in WWII?

Attacking RSA/DSA/AES/etc is the NSA's job. If they can do that, fine. Deliberately weakening an existing system to make it *easier* for them to do those attacks isn't our job, or our problem. If they want to beat their heads against AES, go for it. But that's not a valid reason for country-wide key escrow.

Lastly, on the specialness of America: Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.

Comment: Re:Why? (Score 2) 253

by gclef (#49105841) Attached to: Will Greek Finance Minister Varoufakis Support Cryptocurrency In Greece?

There's one problem it won't fix: the Greek debts to the EU are not going to shift to a currency just because Greece does. The debts to the rest of the EU will remain in Euros, and if the Greek "new Drachma" devalues massively compared to the Euro, the relative loan repayments in new Drachma will go up correspondingly.

Greece can't print their way out of the loans. They can print their way to cheaper exports, yes....but they can't print their way out of the loans.

Comment: Re:8X cost increase up front (Score 2) 516

by gclef (#48466695) Attached to: Ask Slashdot: Why Is the Power Grid So Crummy In So Many Places?

I've often wondered about the possibility of not re-burying the trench: make the trench shallower, cover it with a walkable grate, and just leave it that way. Sure, the grate will get covered by leaves, and the trench will fill with water (have to have a way to drain that), but those seem like minor problems. The cable would be shielded from the vast majority of problems (falling branches, cars hitting poles, squirrels). And since it's just a grate covering, it's just as easy to find problems & service as if they were on a pole. I'm sure I'm missing some reason why this isn't feasible, though...

Comment: Re:Quite the opposite. Acer, Samsung, HP - all unl (Score 1) 183

This is true with one big caveat: the kernel still comes from the chromeOS partition, not the linux partition. I learned this the hard way with my chromebook....I could never get it to a 2.6 Kernel (never mind 3.x) because the system had actually booted the kernel from the chromeOS partition, but the rest of linux from my ubuntu partition.

Comment: Re:I call BS on this one.... (Score 1) 575

by gclef (#48041025) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

I'm beginning to think that the lack of difference between the party policies isn't that they're the same party...I think the institutional attitudes of various agencies don't change with government rotation because most of the employees of the agencies don't change. That can be good (if the party you disagree with is in power, it's hard for them to gut an agency they don't like), and it can be bad (an out of control agency can almost do whatever the hell they like, since they know they can outwait any management they disagree with).

I'm not sure how to solve this one, though...if you clean out the entire upper echelon of an agency at administration rollover, then you risk seriously politicising even the most bland agencies. On the other hand, some of these agencies clearly need an attitude adjustment, and I really do think the attitude problem is endemic to the entire culture of the agency, not just their leadership.

Maybe a max term for any federal employee that they can't work for any one agency for more than 10 years?

Comment: Re:Yeah, too bad there's no real reason to do so.. (Score 1) 292

by gclef (#46543639) Attached to: Back To the Moon — In Four Years

Agree. The moon's dust problem alone makes it problematic. I'd argue for L4 or L5 before the moon. There's still some dust at L4 & L5, but the sheer amount of it is much lower, and the gravity well to get there (and leave again) is much lower. It's not as inspiring to say "we're on L4!", but it's also a first-person-gets-it kinda situation...you can have multiple moon bases, but really only one at L4 or L5.

Comment: Re:It's not legal issues, it's production issues (Score 1) 77

by gclef (#46492547) Attached to: Why Are There More Old Songs On iTunes Than Old eBooks?

The difference, which the summary alludes to, but doesn't call out, is that it's very typical for book contracts to contain a clause that reverts all copyrights back to the author after the book falls out of print for some period of time. Music contracts very rarely have that. Music contracts may or may not have covered the right to distribute the works digitally, but the music publishers still have *some* rights to old works, where the book publishers will have none.

Comment: Re:If Comcast were Exxon (Score 1) 520

by gclef (#46321945) Attached to: Netflix Blinks, Will Pay Comcast For Network Access

It's not quite that simple. The GP post is correct that Cogent has a horrible reputation in the industry. Here's a synopsis of the most common Cogent dispute:

1) User in New York on ISP A requests data from Server in San Francisco on Cogent.
2) ISP A and Cogent interconnect in San Francisco and New York.
3) ISP A wants Cogent to carry the traffic to New York and drop it onto the ISP's network as close as possible to the customer (cold-potato routing), Cogent wants it off their network as soon as possible so they drop it onto the ISP A San Francisco interconnect (hot potato routing).

The question boils down to: which one of them is going to have to build a bigger national backbone to handle the extra traffic from the user in New York? Neither one wants to, and wants to force the other one to do it.

As to why ISPs are not blacklisting Cogent: they are. That's what all these bandwidth problems with Netflix are about: ISPs are playing chicken with Cogent, trying to force Cogent's customers to bully them into upgrading their network. ISPs aren't limiting Netflix: they're refusing to upgrade interconnects with Cogent until Cogent starts using cold-potato routing.

In this case, one of Cogent's customers blinked before Cogent did, and side-stepped the problem.
