Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re: 65536 (Score 1) 133

Upload a video to youtube that's got some copyrighted music playing on a radio in the background and they're all over it like stink on shit. Millions of people getting scammed out of countless amounts of time and money, meh.. That about sums up the priorities of the just-us system today. You got money? You get justice. You don't? Fuck ya.

Comment: Re:How soon? (Score 4, Insightful) 63

by StillAnonymous (#48641485) Attached to: The Beatles, Bob Dylan and the 50-Year Copyright Itch

And people on slashdot wonder why nobody around here has any respect for copyright anymore... It's because the original deal was broken. They kept extending to the advantage of the copyright holders, with absolutely zero concessions for the public. How is that fair? Why should I respect that?

Comment: Diary entry from 2150 (Score 1) 440

by Sloppy (#48610355) Attached to: Federal Court Nixes Weeks of Warrantless Video Surveillance

Told kid about nano-cam dust today. He's only 4 years old, so he didn't know about them yet, and I'm trying to teach him basic hygiene. I explained for that for nearly a a hundred years we have all lived in an environment where other peoples' cameras are always in our homes. We track them in, on our shoes. The AC intake blows them in. The servers the cameras send video too, aren't owned by people who are practicing subterfuge. It's not like they snuck "spy" dust onto our porches in the hopes we'd track them in. It just happens; it's an inevitable consequence of the stuff blowing around everywhere.

My great grandparents complained about it. They thought they had a reasonable expectation of privacy in their homes, because nanotech was new. They didn't see the dust, so they didn't know it was there. In the absence of sensual confirmation, the default expectation (at least to the layman) was that it wasn't there. That was naive, but my grandparents didn't work with nanotech or even use consumer models themselves, so perhaps their ignorance could be forgiven. (Just as my own ignorance of hyperspace can perhaps be forgiven, since I'm not a miner.)

My grandparents, though, grew up with the stuff, though it was still a bit expensive, so it wasn't totally ubiquitous yet. By their time, almost everyone at least knew about it, and if in a gathering of any five people you were to say "nobody sees me inside my home," chances were there would have been a few guffaws and someone would likely point out that the statement was likely incorrect. Sometimes the stuff got innocently tracked into your house, and sometimes it was manipulated into getting there, through subterfuge. The law and social norms lagged, though, and people debated privacy a lot.

By the time their children (my parents) grew up, though, it was all over. Everyone knew about nano-cam dust, and unless you did a rad-flash a few minutes earlier, fucking in your own bed was just as public as doing it in Times Square.

And now my kid knows too. It's just something everyone is expected to know about and deal with. If I were to write a story about it, I think I would set the story in the time of my grandparents, back when society was truly conflicted and in the midst of change. I bet those were interesting times.

Comment: Re:Under US Jurisdiction? (Score 1) 281

No but if you got a government request for your keys you'd know about it.

The government "request" would come in form of customised malware and you'd never even know you got hacked.

If google gets such a request you wouldn't know you were compromised.

You aren't gonna know, no matter what.

It isn't like they are sending l33t hackers to break in and get the data.

Schmidt isn't an idiot, despite how the press like to portray him via selective quoting (note that TFA does not provide much context for this quote). When he says Google is the safest place to put your data, he's probably comparing Google to other companies that provide similar services, not some hypothetical fully self hosted system - bearing in mind self hosting of email is rapidly going the way of the dodo even in business situations (it died for home email a long time ago).

Given that Yahoo still have not fully deployed SSL everywhere let alone encrypted their internal datacenter links, and if Microsoft have a similar effort they aren't talking about it, there's some evidence that he might be right. After all, if you get a government warrant for your data you're just as stuck as Google is: not much you can do about it. On the other hand, you are unlikely to secure your infrastructure as well as Google does.

Comment: Re:Under US Jurisdiction? (Score 1) 281

But Google makes money from targeted advertising

Google makes significant sums of dough from paying corporate customers who use Google Apps. These clients can switch off advertising if they like. These are also the places where some of the most sensitive data is stored.

So Google have both the financial means and incentive to solve the end to end crypto problem for such clients. The difficulty is not financial. It's technological. Matching even just the feature set of Gmail with end to end crypto is insanely hard, and that's before you hit the "everything is a web app" problem.

Comment: Re:Under US Jurisdiction? (Score 2) 281

The point of forward secrecy is there are no such keys to seize. The "master keys" are only used for identification, not encryption. So whilst a gov could theoretically seize Google's keys, this does not help them decrypt wire traffic. They'd have to do a large MITM attack, and to get everything? They'd have to decrypt and forward ALL Google's traffic. Not feasible.

Good use of applied cryptography means that realistically the only way for a government to get data out of it means requesting it specifically from the providers. In places where the warrant system has been vapourised (which certainly includes the USA and UK), this might not seem like much, but it does help prevent fishing expeditions.

Comment: Why not ask who are in charge of defining words? (Score 1) 173

by Sloppy (#48602939) Attached to: The GPLv2 Goes To Court

If you were going to ask a "someone" how they meant to define "derived work", you would ask Congress, not the author(s) of one out of a million contracts which happen to make use of that term.

You're right that it's upsetting that (mostly) people who don't really work with copyright would end up answering it, but that's the nature of law, or at least until you start electing[/appointing/etc] authors. (Cynic: or until those people start funding election campaigns.)

It's only after you have determined that something is a derived work, that you go study licenses. Until that point, licenses are irrelevant.

Comment: Re:Can you say... (Score 1) 263

by StillAnonymous (#48593879) Attached to: Judge Rules Drug Maker Cannot Halt Sales of Alzheimer's Medicine

In America, these wonderful pharma corps have also purchased a law that says you can't import your drugs from another country. YOU are not allowed to take advantage of "the global market".

THEY, on the other hand, can shop around for labour where they see fit, even to the detriment of the populace in their corp's home land. The same land that allowed them to gain their massive wealth through protections and assistances.

Never mind, citizen, the fact that this law is actually breaking the Sherman Anti-Trust Act.

Comment: Re:Here come the certificate flaw deniers....... (Score 3, Informative) 80

by IamTheRealMike (#48564187) Attached to: New Destover Malware Signed By Stolen Sony Certificate

In practice, a certificate is nothing more than a long password

Fail. A certificate contains a public key. This is nothing like a password. You're thinking of a private key. The whole point of a certificate is that you can prove your identity to someone without sending them your password.

Unlike the password in somebody's head or even on a sticky note behind the monitor, these certificate files can often be stolen remotely!

Double fail. Firstly, nobody actually steals certificates. Certificates are public. When someone says something was signed with a "stolen cert", what they actually mean is "stolen private key the public part of which is contained in a certificate signed by a trusted third party", but that's a mouthful, so we simply and say "stolen cert".

Secondly, private keys can and absolutely should be protected with a password! Or they can be kept in special hardware. However, as you may have noticed, Sony got pwned pretty hard so presumably whatever private key was stolen either had no password, or they were able to just keylog the password when it was used.

These people are a joke.

The joke is on you ..... certificates are not a replacement for passwords and if you think they are, you didn't understand what they're used for.

Comment: Re:Culpability? (Score 1) 180

by IamTheRealMike (#48547237) Attached to: Uber Banned In Delhi After Taxi Driver Accused of Rape

More news (seems this story is unfolding right now) - apparently the driver did NOT have a prior conviction for rape at all, but in fact had only been arrested due to an accusation. So it seems that the first possibility was the correct one, and there's really nothing that could have been done here (unless you believe anyone should be able to ban anyone else from being a taxi driver for life with nothing more than an accusation).

Comment: Re:Culpability? (Score 3, Informative) 180

by IamTheRealMike (#48546953) Attached to: Uber Banned In Delhi After Taxi Driver Accused of Rape

W.R.T background checks, someone on Twitter has found a photo of a notarised police certificate stating the guy has no criminal record. So either whoever reported he has one is lying, or the police verification process in India is as unreliable as people say it is.

Regardless, I expect it will make little difference in the court of public opinion.

Comment: Re:Culpability? (Score 1) 180

by IamTheRealMike (#48546871) Attached to: Uber Banned In Delhi After Taxi Driver Accused of Rape

If that is the case, and the guy came up clean but yet still went on to do X, how is Uber any more culpable than a taxi company hiring a cabbie with no record, who subsequently goes out and does X, or a tour company hiring a bus driver with a spotless background, who nonetheless does X?

They aren't. But it seems like there's a new trend in town - when a foreign tech company could potentially have guessed that someone using their service might potentially have done something bad, they're automatically at fault. See: Facebook and Lee Rigby in the UK.

In this case, the logic seems fairly simple - the guy apparently had a prior conviction for rape, thus, should not be allowed to be a taxi driver. If Uber had checked then the rape wouldn't have happened (assuming it did). The problem is the guy's prior conviction was also for raping someone in a taxi cab, so obviously this isn't a solution to all such problems because there's always a first time. Another problem is that I've read India doesn't actually have a national conviction database system, indeed they barely have a coherent national identity scheme at all (I remember reading about programmes to try and introduce biometric identity nationwide to fix this but it's a huge job). Apparently the way you do a background check is walking in to the local police district office and asking. If the crime happened elsewhere, tough luck. For anyone who knows the real situation in India, I'd be interested to know if this is true.

Anyway, even with reliable background checks, you can quickly end up in a situation like the USA where former felons cannot get jobs anywhere (see recent /. story about this problem), and then you get rules like in Europe where former convictions get wiped from the record after a few years to stop that happening, so there are no solutions that make everyone happy.

"It's what you learn after you know it all that counts." -- John Wooden

Working...