
Comment: But does it work well in practice? (Score 5, Interesting) 94

Strongbox technically is very strong, without a doubt. But, being TOR based, it will be hard to use. Worse, a potential leaker not only must use their own computer (ideally a throwaway computer), but they can never have VISITED the Strongbox information page from work, because otherwise any leak to the New Yorker will be suspicious.

And Strongbox's information page drives Ghostery crazy! Not a good sign for a privacy tool.

Probably more important is general Operational Security, including burner phones and/or burner computers.

Julia Angwin has an excellent additional point: Physical mail (dropped in a random post-box with a bogus return address) is perhaps the best way for anonymous one-way communication. The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail. Thus there is no history and, even if there was, this can only be traced to the processing post office. Perhaps the best use of the mail is simply to send the reporter a burner phone preprogrammed so that the reporter can call your burner.

Comment: 1FuckBTCqwBQexxs9jiuWTiZeoKfSo9Vyi (Score 2) 239

by nweaver (#43593643) Attached to: One Bitcoin By the Numbers: Is There Still Profit To Be Made?

Yes, send your unwanted bitcoins here: 1FuckBTCqwBQexxs9jiuWTiZeoKfSo9Vyi

Overall, a general problem with BitCoin mining is that it is a classic "Red Queen's Race". The fixed rate of bitcoin addition means you can only get ahead at the cost of someone else. Which means, IF bitcoin succeeded, mining is effectively non-profit as the rather low barrier to entry (even ASIC rigs are only $2K) and no monopoly power means that the profit from mining gets, well, stripped out.

Comment: Sadly, no... (Score 3, Interesting) 153

by nweaver (#43361489) Attached to: Want to Keep Messages From the Feds? Use iMessage

iMessage keeps messages secret from the carrier, but it can't keep the messages secret from the feds.

Apple has to be able to know the user's private key to allow them to log in new devices, at least when the user logs into Apple using their Apple password. And therefore, with a warrant, so can the police.

Now Apple could use a technique where your password is hashed one way to create your iMessage key, and hashed a different way to be sent to Apple for logging in. But this doesn't seem likely, as a login to iCloud (using a user's Apple password) on the web interface sends the password to Apple where it's hashed on their end for login validation. So unless the iPhone/Mac iCloud login uses a different technique, Apple must (at a minimum) be able to access the user's iMessage key when the user logs into Apple.

And it's far more likely that Apple (and therefore the police with a search warrant) can get the user's iMessage key whenever they want.
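The two-hash scheme described in the comment above, as an added example that is not part of the original comment and not Apple's code: one password is run through PBKDF2 twice with different purpose labels, giving a login token the server may see and a message key it never sees. The function names, labels, account name and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # constructed work factor, not a value from the page


def derive(secret: bytes, account: str, purpose: str) -> bytes:
    """PBKDF2 with the purpose label in the salt: each purpose yields an unrelated key."""
    salt = f"{purpose}|{account}".encode()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def client_secrets(password: str, account: str):
    """Runs on the user's device; only login_token is ever sent to the server."""
    login_token = derive(password.encode(), account, "login")
    message_key = derive(password.encode(), account, "message-key")
    return login_token, message_key


class Server:
    """Stores only a hash of the login token (hypothetical server, for illustration)."""

    def __init__(self):
        self.verifiers = {}

    def enroll(self, account: str, login_token: bytes) -> None:
        self.verifiers[account] = hashlib.sha256(login_token).digest()

    def login(self, account: str, login_token: bytes) -> bool:
        expected = self.verifiers.get(account)
        presented = hashlib.sha256(login_token).digest()
        return expected is not None and hmac.compare_digest(expected, presented)


def server_recovers_key(received: bytes, account: str, message_key: bytes) -> bool:
    """What the server can compute from whatever bytes the client sent at login."""
    return hmac.compare_digest(derive(received, account, "message-key"), message_key)


if __name__ == "__main__":
    account, password = "alice@example.test", "correct horse"  # constructed sample
    token, key = client_secrets(password, account)
    server = Server()
    server.enroll(account, token)
    print("login ok:", server.login(account, token))
    # Web-style login: the raw password reaches the server, so the key is derivable.
    print("password sent ->", server_recovers_key(password.encode(), account, key))
    # Two-hash login: only the token reaches the server, so the key is not derivable.
    print("token sent    ->", server_recovers_key(token, account, key))
```

The split protects the message key only if the raw password never reaches the server on any login path, which is the condition the comment questions.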

Comment: All Biofuels are a crock.. (Score 5, Informative) 238

by nweaver (#43262399) Attached to: 'Energy Beet' Power Is Coming To America

It's all a simple matter of area: With an electric vehicle my entire transportation energy usage can pretty much be covered with a small rooftop solar system. To do it with biofuels would require acres of space.

The problem is simple: Photosynthesis is just vastly less efficient than photovoltaic solar.

Comment: Various bits of FUD correction. (Score 5, Informative) 404

by nweaver (#43234731) Attached to: Digging Into the Legal Status of 3-D Printed Guns

a: An FFL7 (which is what Defense Distributed got), once they complete some additional tax paperwork, allows them to make and sell semiautomatic rifles like any other manufacturer. And there are lots of small manufacturers these days. Heck, there is one in Napa, CA, if you want a fine, vintage 2013 AR-15 with "Made in Napa, CA" printed on the side.

b: Plastic AR lower receivers are old news. There is a lot of panic buying of AR rifle components thanks to Dianne Feinstein's salesmanship, but the plastic lowers are readily available.

You can even get a 5-pack for $400!

Distributed Defense's sales, if any, are going to be those wanting to support their R&D, as there is no way they can compete with the existing aluminum lowers, let alone existing plastic ones, on price or quality for a given price.

c: There are a lot of businesses which legally help you make your own gun. E.g., you buy an 80% lower (a not completed lower receiver) which the ATF does not consider to be a gun and then you finish it yourself by renting some milling machine time and doing it yourself. Until it's finished by the purchaser, it's a paperweight, not a gun.

d: Some guy has even managed to do a home-made polymer lower using molding techniques.

Comment: But what are they really worth? (Score 1) 260

by nweaver (#43171709) Attached to: Ask Slashdot: How To Donate Older Computers to Charity?

A circa 2006 computer is only ~5x-10x faster than a Raspberry Pi, and has a power cost on the order of 100-200W/hr. So a 2006-era computer, even free, costs ~$90/yr just in power if it's left on.

Similarly, for a non-profit trying to be uber-cheap, why not just go with ChromeBooks? If you are in a position where you can have a network (e.g. like an office environment), they are cheap, and the office and so-on that are needed for productivity.

Comment: This makes no sense... (Score 2, Interesting) 124

by nweaver (#43125565) Attached to: How the First Bitcoin Hedge Fund Approaches Security

Such procedures only work for cold storage of Bitcoin: wallets where you have no access to them. Basically, the equivalent of a bank vault for gold: it's there, it's sitting, but you can't actually do anything with it. Worse, unlike a bank vault, you can't transfer the bitcoins while they are in this vault.

Therefore, the hedge fund's only strategy for these wallets is to buy BitCoins and sit on them. And do nothing. Which, if you believe in BitCoin, makes sense (the design is hyper-deflationary, so the only rational thing to do with BitCoins is to hold BitCoins), but that's hardly what you'd call a hedge-fund strategy.

So how can you call it a hedge fund when all it can do is buy & hold?

Comment: Very VERY stupid idea... (Score 4, Insightful) 233

by nweaver (#43030783) Attached to: Dennis Tito's 2018 Mars Mission To Be Manned

What's the point? You're shoving many extra tons (between person and life support), and you have to put it on an orbit that brings it back home, and for a payload that can do little more than look out the window and go "ohh, pretty" while being irradiated for years outside of the protection of the Earth's magnetic field.

Even if the mission goes 100% to plan, the cancer risk alone is probably a death sentence for the two passengers.

Comment: CC has NOTHING to do with open access... (Score 5, Insightful) 172

by nweaver (#42819649) Attached to: Researchers Opt To Limit Uses of Open-access Publications

Open access is ensuring that everyone can read your papers. All the other CC ones are about derivative work rights, which is orthogonal to open access.

In fact, it's rather silly to even think of: Quoting papers is fair use, but modifying scientific papers? You don't want third parties modifying the papers: they can easily screw things up as the paper is only part of the process, there is also the data and analysis behind it.

So of the choices given, CC-BY-NC-ND is the only one that should be in that list.

Comment: The real question: incentives to pirate... (Score 2) 199

by nweaver (#42750241) Attached to: 150 Copyright Notices For Mega

The big reason that MegaUpload got into huge trouble is they structured things to create an incentive for piracy: those who uploaded "popular" files would earn $$$, and the "takedown" implemented by MegaUpload was deliberately defective: only taking down single URLs when, behind the scene, they kept the files available with different URLs. Thus the old MegaUpload deliberately created a structure to encourage and benefit from piracy.

If the new Mega drops this incentive structure, and their encryption eliminates the deduplication, they should be in much more solid shape.

Comment: Our article on the subject: (Score 4, Informative) 58

by nweaver (#42695139) Attached to: 10 Years After SQL Slammer

We (David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and myself) did the analysis of how it spread, including showing how it infected all the vulnerable systems in 10 minutes, and detailing flaws in the random number generator.

Our article eventually appeared in IEEE Security & Privacy.
