Comment: Re:Socketed Firmware Here We Come (Score 4, Insightful) 120

by gclef (#49291399) Attached to: Persistent BIOS Rootkit Implant To Debut At CanSecWest

Yeah, but it immensely complicates incident recovery. Rebuilding a compromised system isn't enough if you can't trust the BIOS anymore. It's only a matter of time before the compromised BIOSes adapt to re-compromise the new BIOS as it's written, so re-flashing the BIOS of a compromised computer isn't a good long-term fix.

Does this make a compromised computer basically a paperweight? That's going to turn IT into a really expensive scene really quickly.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1) 406

by gclef (#49127589) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

A few more thoughts:

1) Part of the reason this whole thing is coming up is that Apple said that they were going to modify the encryption on iPhones so that they couldn't decrypt them either. It's at that point that the big push for breakable encryption started. So, saying that this is just about companies giving the NSA data that the companies already have isn't true. A subpoena/NSL/FISA court order is sufficient for legal access to data that the companies already have. If that were all the NSA/FBI/etc wanted, then they already have the tools to get that data.

2) Given that, it is imperative upon the people asking for the change to explain why subpoenas/NSLs/FISA court orders are insufficient. I haven't heard a single thing about that, *except* in the context of companies like Apple enabling encryption and *not* escrowing the keys. That puts a lie to the idea that this is just about accessing data that the companies already have.

Lastly, please don't make "talk like adults"'re assuming bad faith on the part of your commenters, (me, in this case) which you have no evidence of. This is a very passive-aggressive way of insulting your debate partner. If you'd really like to debate, this is not helpful.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Interesting) 406

by gclef (#49121283) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

There are multiple problems with your statement. Let's look at them all, shall we:

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law

No. The trigger for this isn't that companies are holding's that users have data, and the NSA wants to force the companies to keep/get access to their users' data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its users' data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data

Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

then I would ask what you think about the German and Japanese codes in WWII?

Attacking RSA/DSA/AES/etc is the NSA's job. If they can do that, fine. Deliberately weakening an existing system to make it *easier* for them to do those attacks isn't our job, or our problem. If they want to beat their heads against AES, go for it. But that's not a valid reason for country-wide key escrow.

Lastly, on the specialness of America: Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.

Comment: Re:Why? (Score 2) 253

by gclef (#49105841) Attached to: Will Greek Finance Minister Varoufakis Support Cryptocurrency In Greece?

There's one problem it won't fix: the Greek debts to EU are not going to shift to the a currency just because Greece does. The debts to the rest of the EU will remain in Euros, and if the Greek "new Drachma" devalues massively compared to the Euro, the relative loan repayments in new Drachma will go up correspondingly.

Greece can't print their way out of the loans. They can print their way to cheaper exports, yes....but they can't print their way out of the loans.

Comment: Re:Where the losers feel like they also won (Score 1) 155

by Continental Drift (#48708041) Attached to: Designing the Best Board Game

Yes, which is why I'm not actually a fan of Pandemic. But both Space Alert and Escape are speed games, so there's not enough time to micromanage everyone. You have to count on your teammates to do the right thing, to talk to each other, to carry out a plan, and to be flexible when the shit hits the fan.

Comment: Where the losers feel like they also won (Score 1) 155

by Continental Drift (#48706479) Attached to: Designing the Best Board Game

Some cooperative games (Space Alert, Escape, Pandemic) allow everyone to win as a group, which makes everyone feel good. But as Reiner Knizia put it "the best games are where the losers feel like they also won." Where even the losers have met goals in the game, have felt like they played well, or have enjoyed themselves. Who cares who wins at Cards Against Humanity? We don't even keep score in Concept. If a game has rewards along the way, where I can look back at a game and be happy with some of my good plays, it makes losing the game not so bad, maybe even irrelevant. I like to win poker tournaments, but if I've made a particularly good bluff or clever trap call, I feel good about my play even if I end up losing.

Comment: Elegance and replayability (Score 2) 155

by Continental Drift (#48706297) Attached to: Designing the Best Board Game

I play board games two or three times a week. I love games with elegant rules which still lead to a game that can be played over and over. I've been playing bridge for 30 years, and I still find something new every time I play. Dominion and Werewolf are really neat elegant systems, but nearly every game is a new experience.

I also need to be able to improve. I think Royal Turf is an elegant game, but I know the ideal strategy and don't enjoy playing anymore. Whereas I have a lot to learn to be a better Zendo player and a better poker player, and will never master either game.

Comment: Re:8X cost increase up front (Score 2) 516

by gclef (#48466695) Attached to: Ask Slashdot: Why Is the Power Grid So Crummy In So Many Places?

I've often wondered about the possibility of not re-burying the trench: make the trench shallower, cover it with a walkable grate, and just leave it that way. Sure, the grate will get covered by leaves, and the trench will fill with water (have to have a way to drain that), but those seem like minor problems. The cable would be shielded from the vast majority of problems (falling branches, cars hitting poles, squirrels). And since it's just a grate covering, it's just as easy to find problems & service as if they were on a pole. I'm sure I'm missing some reason why this isn't feasible, though...

Comment: Re:Quite the opposite. Acer, Samsung, HP - all unl (Score 1) 183

This is true with one big caveat: the kernel still comes from the chromeOS partition, not the linux partition. I learned this the hard way with my chromebook....I could never get it to a 2.6 Kernel (never mind 3.x) because the system had actually booted the kernel from the chromeOS partition, but the rest of linux from my ubuntu partition.

Comment: Re:I call BS on this one.... (Score 1) 575

by gclef (#48041025) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

I'm beginning to think that the lack of difference between the party policies isn't that they're the same party...I think the institutional attitudes of various agencies don't change with government rotation because most of the employees of the agencies don't change. That can be as good (if the party you disagree with is in power, it's hard for them to gut an agency they don't like), and it can be bad (an out of control agency can almost do whatever the hell they like, since they know they can outwait any management they disagree with).

I'm not sure how to solve this one, though...if you clean out the entire upper echelon of an agency at administration rollover, then you risk seriously politicising even the most bland agencies. On the other hand, some of these agencies clearly need an attitude adjustment, and I really do think the attitude problem is endemic to the entire culture of the agency, not just their leadership.

Maybe a max term for any federal employee that they can't work for any one agency for more than 10 years?
