
Comment: Re:The founding documents present a path... (Score 1) 129

The electorate fully agrees with him.

This is completely untrue. The electorate is pretty divided, and whether you can find a majority depends on which poll you look at, and which week. The fact is that there is a significant part of the electorate that thinks bulk surveillance is fine because they have nothing to hide and it keeps us safe. That they're wrong on both counts doesn't change their opinion, or their votes.

Congress mostly agrees with him.

And yet they passed the USA Freedom Act which, although better than the PATRIOT Act, still authorizes way too much surveillance. And in the process they failed to do anything to curtail article 702 of the FISA, which is the basis for the FISA court's ruling -- as was completely predictable before passage of USA Freedom. The argument is that while article 702 authorizes only surveillance of foreign people, the court considers it perfectly reasonable for the NSA to hoover up ALL the data and then figure out later what they can and cannot look at. This all comes back to the NSA's choice to define "collect" as "look at", since the law hadn't defined the term.

Congress had a perfect opportunity to define "collect" as "collect", and chose not to.

Yeah, we have a problem here. And the "democratically elected government" ain't it.

The problem is fundamentally the electorate, which isn't sufficiently convinced that bulk data collection is a bad thing. If 80% of the voters wanted it shut down, enough to make it a major election issue, it would be shut down. But as is, Congress knows that with a slim majority (at best) concerned about data collection, if they shut it down and then Something Bad happened the voters would turn on them like a rabid dog.

The system isn't perfect, but it is basically working as intended. We just need to convince more of our fellow Americans that surveillance is bad.

Comment: Re:Apples and oranges (Score 1) 67

... it's just a little more than 1% the size of OpenSSL...Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions....

So then, aren't size comparisons between OpenSSL and s2n at best useless, and at worst intentionally misleading?

No, but this particular comparison is. Besides all of the stuff s2n doesn't provide, s2n actually uses OpenSSL's libcrypto to provide the implementations of all of its crypto algorithms. A useful comparison could be made between OpenSSL's TLS layer and s2n, with some caveats listing the TLS features s2n doesn't provide.

Note that none of this means that s2n doesn't have value. If you don't need the other OpenSSL features, it's a lot less code to audit.

Comment: Re:That's not what the blockchain is for (Score 1) 29

The bitcoin solution is to sell the space to the highest bidder

'A', not 'the'. Sidechains are a much better bitcoin approach (the blockchain need only record the entry and exit points). Marc Andresson's company has been working on just this for a year or more.

Comment: Re:Respect has to be earned (Score 1) 170

The coup was a counter-coup. The Iranian PM was the one that overthrew the government, faked an election, dissolved parliament, was ruling by decree, and caused the Shah to flee.

That's not even close to true.

https://en.wikipedia.org/wiki/...
http://partners.nytimes.com/li...
http://www.theguardian.com/wor...

Comment: Re:Really? (Score 1) 170

The government of Iran had been overthrown by the Prime Minister who faked an election, dissolved parliament, and was ruling by decree while ignoring the Shah as constitutional monarch. (You know, the traditional head of government being responsible to head of state?) Not even Stalin faked elections as brazenly as the Iranian PM. The Shah fled for his own safety. The US and UK helped restore the Shah to power, not install him.

That is 100% false.

https://en.wikipedia.org/wiki/...

http://partners.nytimes.com/li...

http://www.theguardian.com/wor...

Comment: Re:Taxi licenses are crazy expensive (Score 1) 311

And if it was society's resources paying for the gas and labor, then I would agree with you, but at the moment, you're requiring the cab drivers - who are typically lower-class - spend their own resources.

No, you're not requiring. Cities have lotteries for new taxi medallions every year where they are obtained for a very small registration fee. That's the only way new medallions come into the system.

And after all, isn't spending your own resources in order to start a business that will be profitable what capitalism is all about?

Comment: Re:Apples and oranges (Score 1) 67

So then, aren't size comparisons between OpenSSL and s2n at best useless, and at worst intentionally misleading?

Possibly misleading, if one doesn't understand the true claims, but definitely useful.

If you're just using OpenSSL for running servers and s2n can provide all of the functions a server needs, and s2n is 1% of OpenSSL's size, then it's a much, much cheaper target for auditing, and so it's far more feasible to feel secure about it.

If you're doing something different with OpenSSL then the use case probably doesn't apply.

It may be that a machine analysis of the OpenSSL codebase, starting with the function calls from, say, mod_ssl, could produce a useful graph of the OpenSSL code that's actually in use by typical servers. I'm not personally aware of such an effort, but it seems obvious enough that probably somebody has done it.

Comment: Re:Good idea (Score 1) 67

Maybe you can talk securely. Nobody has publicly announced any vulnerabilities in HMAC-MD5 yet, but that MD5 piece hanging off of there makes me nervous. If Amazon is willing to say that they no longer support Windows 3.11 for Workgroups users buying products from the Amazon store, it is their call. They have to weigh the loss of customers over discovering later that some weird long forgotten part of their OpenSSL implementation gave the keys to the kingdom over to the hackers.

Comment: Re:Really? (Score 4, Informative) 170

Barry M. Rubin

Horse shit.

Iran was a pro-Western, pro-American country until we sent the CIA to overthrow their government in 1953 and installed the Shah. If you're going to quote an Israeli PJMedia/Fox News propagandist, you might want to find one with more credibility than Barry Rubin.

Comment: Re:War is Boring is shit (Score 1) 685

So you'd like to see the F-35 trying to mow down Ruskie tank columns trying to break through the Fulda Gap after air superiority had been achieved? That was the environment that the A-10 was designed to handle. The A-10 was designed to be a flying tank because it was meant to fly low and take enemy AA fire. Its air defense capabilities are really only useful against attack helicopters.

The F-35 can't take the beating that an A-10 would shrug off but it's unlikely to receive such a beating. In an anti-armor role the F-35 isn't going to do low and slow strafing runs with its guns and doesn't need to keep its boresight on target to hit with its air-to-ground missiles. In the CAS role the F-35 has a much longer range, higher speed, and longer loiter time than the A-10. It can deliver precision guided munitions much faster than the A-10 and then scamper off to the next target.

The F-35 is also capable of carrying more combat payload than the A-10. It can carry more munitions faster and farther than the A-10, all with low observability (depending on payload configuration obviously). When it returns from a CAS or strike mission it can also re-arm and fly CAP.

The A-10 is a nice plane and obviously very survivable. Its replacement however does not need to have all of the exact same characteristics to perform the same tasks.

Comment: Re: Above Congress? (Score 4, Insightful) 129

not sure if serious ... CIA people have been in the White House since 1980, out in the open (it's debatable before then). They spy on Congress, have their own secret kangaroo courts, and carry out overseas executions all admittedly. One could suppose that there's nothing worse behind closed doors but that would be generous towards spies. Who doesn't really think they're blackmailing anybody in Congress or other high elected office?

Politics remains the entertainment arm of the military-industrial complex. After all, people would be mildly nonplussed to learn that they were secretly ruled by spooks and banksters.

Comment: Re:Internet of Stupid Things (Score 1) 66

Then rejoice! Hurricane Electric [tunnelbroker.net] will give you your own /48 for free. Just set up a box to accept and route it and you can assign an IP to every single sperm in your beloved balls.

Do they also make a router that looks like Scarlett Johansson? I may find this "internet of things" acceptable after all.
