
Comment Re:No! (Score 1) 227

I once worked at a place where the policy was "don't use the camera on your phone without permission on site or we immediately fire you." That's under the limit of what I am willing to put up with, but it's close.

What was so great about this job that you were willing to put up with such inconvenience?

Comment Re:No! (Score 1) 227

And the penalty for bringing it in was to have the equipment (or at least the disk) crushed; as happened to a contractor who was not aware of the rules and brought in his laptop.

People put up with this? I would have dropped the contract immediately and perhaps sued for damages (unless it was the government, because you can't sue them due to "sovereign immunity" which really needs to be repealed).

Comment Re:crypto war 3.0 you mean? (Score 1) 91

The stuff you're talking about is the stuff there is less public information about, so it's hard to know how effective it is. QUANTUM certainly sounds scary in principle, but we know very little about how effective it is. And, since it's using 0-days, they can't just use it against anyone they want without potentially burning the 0-day. The exploit can be automated, but the decision to deploy it can't be. Untargeted "dragnet surveillance" -- the most politically problematic part of Snowden's revelations -- is also the easiest to get around for anyone with the knowledge to do so.

Finally, anything the NSA finds through its secret programs can't be used in court except through parallel construction, which isn't always possible and is rightly starting to be seriously challenged by judges. So, I'd say the FBI's capabilities and criminal organizations' capabilities are more important to most people than those of a super-secret organization like the NSA. It doesn't matter so much if the NSA can invade your privacy if it doesn't have the ability to do anything about what it finds.

Comment Re:Give them something to do! (Score 1) 334

Find or record a video of two cats having sex. Encrypt the video and name it "hot_kitty_porn.mkv.gpg". Use a password short enough that they'll be able to brute force it EVENTUALLY, but only after wasting lots of time (probably you don't want them to have to spend more than a day or so, because you will be in jail while this is happening). The look on their faces when they let you go will be priceless.

Note: maybe don't actually do this because you will go to jail, and they might be able to come up with some random thing like "interfering with an investigation" or something to charge you with out of spite. In general it's fun to think about these things, but not smart to do them.

Comment Re:Same thing happening to James O'Keefe (Score 1) 334

It probably doesn't help that O'Keefe has a known record of filming himself crossing the US border illegally, and then bragging about it publicly - the fact that he's done it while dressed up as Bin Ladin may be an additional factor.

LOLOL. That's awesome. He's got balls, you got to give him that!

He's also lucky he wasn't shot. Still: balls.

Comment Re:crypto war 3.0 you mean? (Score 1) 91

I think we're talking past each other. Internet vulnerabilities don't really matter that much to me in the analysis; there is no reason one can't do his crypto on a computer not connected to the Internet if he's concerned about Internet exploits. And the FBI/NSA resorting to 0-days is a rearguard action. They can only afford to do that to high-value targets, because using a 0-day and getting caught means you lose the 0-day.

And of course mainstream security is low. If we're going to say that we "lost the crypto war" as long as there are holes in Flash, we'll never win. There will always be holes in Flash, and there will occasionally be holes in Firefox. Honestly the biggest win for government is when the FBI took over a child porn server on Tor and de-anonymized people through a buffer overflow in Firefox. And you know what? They lost that 0-day after that.

Also, their 0-day wouldn't have worked if the Tor user was using Whonix. One way to get security is through layers; the more layers, the harder it is to break through all of them.

Still, think about that. The worst compromise in recent history we know about is the FBI using a 0-day in an old version of Firefox/Tor Browser. Oh yeah, did I mention the 0-day only existed in an ALREADY OBSOLETE version of the Tor Browser? I guess the FBI didn't have any current 0-days on hand for Firefox, or didn't think catching pedophiles was worth burning it. Too bad the sickos who visited Freedom Hosting child porn sites and also kept their browser up to date didn't get caught by that sting. Still, that was pretty clever of the FBI. They deserve credit.

BUT: if that's the best they can do, then, for better or for worse, the government has definitely, without a shadow of a doubt, "lost the crypto war".

And btw, we probably do want the FBI to catch child rapists and be able to decrypt say human traffickers' hard drives when they have a warrant. And they can't. And that is bad. It's just that breaking security for everyone is not a reasonable solution to that problem. As far as I can see, though, there is no solution to that problem. Living with criminals being able to keep their secrets is likely just a cost of progress.

Comment Re:Yes? (Score 1) 674

Wow. Your comment is probably the single best argument against overregulation ever made.

(student buys cheap-shit Chinese charger rather than expensive Apple charger and ends up catching the classroom on fire... been there, seen it, done it).

What does this mean? It seems to say that you've personally set at least one classroom on fire with faulty phone chargers, but that can't be right, because that's absurd.

Do you test every electrical appliance tourists bring into the country? I mean, they could catch the hotel on fire, right?

Never mind ... there's no point trying to make sense of this brain damage.

Comment Re:Yes? (Score 4, Insightful) 674

You work at a really, supremely, fucked up place. In the sane world, newer classrooms have outlets at every desk so students can charge their laptops, at the podium so speakers can plug their laptops in, and in offices so workers can plug in their phones/laptops. And no, an electrician doesn't test every single phone and laptop before it gets plugged in because WHAT FUCKING PLANET ARE YOU FROM.

Outside of schools, public places like airports and bus stops have outlets for people waiting around. And airplanes and trains often have outlets at the seats. Perhaps you've noticed that portable electronic devices like computers and phones have become more common in recent years. That likely has something to do with the recent explosion of outlets in public places.

And perhaps -- no, almost certainly -- your school, like so many primary and secondary schools, is run by a neurotic, petty dictator who gets off on controlling every possible aspect of students' and others' behavior, and who will use any possible excuse, no matter how stupid and absurd ("fire safety"), to exercise this control.

Just curious, is your school also one of the ones where students or employees will get expelled for having premarital, consensual sex with each other?

Comment Re:crypto war 3.0 you mean? (Score 2) 91

Bullshit. One of the most interesting things to come out of the Snowden revelations was the discovery that the NSA doesn't have any secret ways into properly done crypto -- Schneier even noted as much in his interview with Snowden.

You're right that most people's communications aren't encrypted -- that's an artifact of people trusting large corporations like Google and Apple with their data. But dm-crypt and loop-AES on Linux have been safe for a long time, and, though I wouldn't personally trust BitLocker and Apple's equivalent, I've seen no concrete evidence they're backdoored, either. And then there's TrueCrypt and its successors, which are brilliant pieces of work. TrueCrypt has even been audited and found solid.

This is the second crypto war. The government lost the first with Clipper and Skipjack, but the low priority most people put on security and the general low level of intelligence of criminals meant that they didn't often run into problems, despite their loss. Most people accept the defaults on software, and encryption isn't the default.

Now, Google and Apple are announcing that they will make encryption the default on their phones. This is the cause for the government's alarm: encryption by default would be very inconvenient for them. They've always known this, which is why they fought the first crypto war. They lost, and encryption slowly but surely became more and more prevalent. Now it promises to be Android+iOS-level prevalent. They don't want that, for obvious reasons. This is their last stand. And they will lose, for the same reason they lost the first crypto war: encryption is a fait accompli.

Unfortunately, they have a point. Not being able to read legitimate criminals' communications will likely make the police's job harder. We have a system of privacy protections that attempts to strike a balance between privacy and law enforcement, and encryption tilts the scale all the way in favor of privacy and against law enforcement. There's nothing anyone can really do to fix that; it's just how the world works now. But it's worth acknowledging that there is a problem here, even though we don't have a solution to the issue, and even though the FBI's proposed solution is completely insane.
