Comment It's Scripting time! (Score 2) 79

Time to start developing that 'Write to be Unforgotten' search extension then.

Been planning this idea for a while and now seems the right time to do it. i.e.

Code a browser extension that, using VPN tunnels to compare local and other nationality search results, adds back in redacted results with 'Locally Censored' tags, plus tags results seen locally but not elsewhere with 'Censored in: CN, EU etc'.

Also add CDN support to anonymously cache and test historical searches for global censorship.

Anyone interested in assisting or Beta-Testing?

Comment UA change imminent to: Googlebot/2.1... (Score 1) 653

Since many of these sites rely on their search engine rankings I bet they don't block search spiders that refuse scripting or even serve them ads as that would make their pages way too dynamic to be usefully indexed.

Thus the fourth option after Whitelist, Pay, Go-Away is change your browser's User Agent string to match that of a known search engine's indexing spider.

Potentially, no more ads to block, no paywalls and also no malware because that stuff tries hard not to be noticed by the search engines and thus get the site blacklisted.

Comment Lies, Damn Lies and Statistics (Score 1) 592

Same thing here I suspect as with:

* Double daylight savings time stats for the two periods in history when it was tested in UK.
* Cubic spline curves on highway exits to reduce normal road entry speeds.
* Progressive noise strips on roundabout entries.
* Removal of curbs on shopping streets.

All these 'experiments' that 'proved' their worth statistically, partly relied upon the introduction of something unfamiliar to the road user, which in turn promoted unease and inherently better observation. Unfortunately, after introduction and a suitable period of use they became familiar and their benefit was either nullified or in some cases resulted in greater road carnage.

Someone once said that over time the motorcar has become safer with seat belts, airbags, disk brakes, wide tires etc. Which resulted in such a feeling of well being that drivers drove progressively faster and more dangerously. The suggestion then was to remove the seat belts and airbags and replace them with a 6 inch metal spike sticking out of the steering wheel. This would theoretically cause drivers to be much more cautious of speed lest they be impaled. Anyone want to do a double-blind statistical study?

Comment Watched or scanned? (Score 1) 255

But did the BBFC really watch all 10 hours, or just run it at high speed looking for a scene change? If it were me making this film I would definitely have put in some salacious scenes of single or double frames (1/24s, 1/12s) with perhaps the occasional obscene word displayed subliminally (5% contrast) to see if they are on their toes.

If not, then HEY we just got smut past the censors, WIN!

Comment Beware of heavy loads reversing (Score 1) 875

Every time some politician makes a promise like this I always think, Sure but because of globalisation it will always be the smaller part of the company that resides in the first world. Therefore the logical outcome to any single government's moves against a corporation would be the decamping of said corporation to another jurisdiction. i.e. Apple would move out of the US entirely and place their headquarters in a more friendly nation.

Comment Deduplication anyone (Score 2) 284

As was pointed out by a commenter earlier when Bruce Schneier posted this.

This whole hypothetical is moot and has already been attempted for DMCA and Child Porn cases. This is because Deduplication is a feature of any large file sharing entity, Gmail included, as drive space is not free.

Because of deduplication there will only ever be one copy of the relevant file clusters in existence and a table of assignments for which messages and/or accounts to apply it to. Thus given an example of the file or the list of cluster hashes and a simple court order a company can expunge the one copy and/or return the list of holders with their association / upload / download dates.

Now one key issue would be that even a single bit changed in the file (mentioned in the article) would change the file hash and probably 50% of the bits in the specific cluster would flip. But for larger files >10MB it may be sufficient to match a percentage of cluster hashes and then inspect the misses further.

That said a savvy antagonist would recognise the above and suggest ways to defeat deduplication, even without using anything fancy. For a text file, simply running it through a compression algorithm would change it sufficiently and if you use one that does encryption correctly then each encipherment, even with the same key, would result in a different file. Plus since you are not actually interested in securing the file you could include the password as the filename.
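The cluster-hash matching described in the comment above, as an added example that is not part of the original comment: a one-bit change alters only the hash of the cluster that contains it, and that digest changes in roughly half its bits. The 4096-byte cluster size, the 0.9 threshold, the function names and the sample data are all assumptions constructed for illustration.

```python
import hashlib

CLUSTER = 4096  # assumed cluster size; a real store picks its own

def cluster_hashes(data: bytes, size: int = CLUSTER) -> list[bytes]:
    """SHA-256 digest of each fixed-size cluster of the file."""
    return [hashlib.sha256(data[i:i + size]).digest()
            for i in range(0, len(data), size)]

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def match_report(reference: bytes, candidate: bytes, threshold: float = 0.9) -> dict:
    """Compare cluster by cluster; report the matched fraction and the misses."""
    ref, cand = cluster_hashes(reference), cluster_hashes(candidate)
    misses = [i for i, h in enumerate(ref) if i >= len(cand) or cand[i] != h]
    fraction = 1 - len(misses) / len(ref) if ref else 0.0
    # A near match with a few misses is the case the comment says to inspect further.
    return {"fraction": fraction, "misses": misses,
            "needs_inspection": fraction >= threshold and bool(misses)}

def sample_file(clusters: int = 64) -> bytes:
    """Constructed, deterministic stand-in for a large file (not real data)."""
    blocks = clusters * CLUSTER // 32
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(blocks))

def flip_bit(data: bytes, offset: int, bit: int = 0) -> bytes:
    """Return a copy of data with one bit inverted at the given byte offset."""
    out = bytearray(data)
    out[offset] ^= 1 << bit
    return bytes(out)

if __name__ == "__main__":
    original = sample_file()
    altered = flip_bit(original, 10 * CLUSTER + 123)
    print(match_report(original, altered))
    old, new = cluster_hashes(original)[10], cluster_hashes(altered)[10]
    print("digest bits changed in cluster 10:", bits_changed(old, new), "of 256")
```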

Comment Culpable? (Score 1) 406

I wonder if them asking you to turn off your adblocker and then serving you malware (an acknowledged reason people use adblockers to avoid) makes them at least partly culpable for any resulting infection?

If not then next time I see one of these notices I will drop them an email with my Terms Of Servicing for them to agree to before I disable my malware protector (adblocker).

Comment How exactly? (Score 1) 152

Similar to the recent 48 hour WhatsApp injunction in Brazil (which was overruled after 12 hours), trying to punish a company offering a free service for not complying with evidential requests will only end up punishing the populace i.e. VOTERS.

I can see that issuing an interception warrant across borders is difficult, but mandating a deviation to accepted law of the targeted nation will only end up getting your warrants overruled.

Comment Disingenuous at best, bold faced liar at worst? (Score 1) 345

Ms Fiorina,

Since I don't assume for a femto-second that you are unversed in technology or have at your back a multitude of technical advisors, as does your brethren across all parties. I am only left to assert that you are being disingenuous at best or a bold faced liar at worst for suggesting that government needs a "work around" for encryption to address current international criminal conspiracies. You know as well as I that such a thing is IMPOSSIBLE. It is especially IMPOSSIBLE in reference to the high value targets that you and your like have already declared, because they will never use cryptographic products that any government has a "work around" for. I speak specifically of all the Open Source, independently internationally vetted products that are available to any person with access to an internet connection.

I am only left to assume that should you get your wish of a "work around" that it could only be applied to the low-hanging-fruit of those citizens or otherwise, unversed in Operational Security who would trust encryption suspected to have a "work around" included. i.e. Wannabe criminal idiots, Minor Agitators and the general Citizenry.

We are Pseudonymous, we are Elsewhere, we sometimes Forget but we never Forgive (especially at polling time).

--- BTW: I give this post free of copyright to all, just replace the quoted portion with your detected dumb-assery quote of choice ---

Comment New DHS safety feature? (Score 1) 96

Perhaps the bug is really a hidden feature, only revealed by accident. (This is a shoo-in for a Bruce Schneier Movie Plot Scenario)

Deeply buried in the ADS-B firmware is an emergency setting which, should the Department of Homeland Security get a credible security theatre warning that criminals with smartphones and GPS guided drones are planning to bring down airliners. All airliners with updated ADS-B firmware will report their position as exactly 70nm away from their real position on a pseudo-randomly generated bearing keyed on the date. Thus all participating aircraft are equally displaced in the same direction by the same amount.

As to them darn foreigners, well we shoot them down first to clear the skies lest our majestic fleet become damaged.

Comment Re:who gives a shit? (Score 1) 291

Remember though with all these historical figures they always represent a gross oversimplification of history & in many cases it was the first to publish not necessarily the first to invent that is celebrated e.g.

Newton actually used the phrase "On the shoulders of giants" as partly self deprecation, partly insult of the real sage of his work in optics while his work on infinitesimals was predated by Leibniz.

Marconi only implemented the discoveries of Hertz, Ørsted and others while ensuring he got the money up front and patented everything.

Edison basically stole and bullied his way to the top more by the perspiration of those he employed than his own inspiration.

Graham-Bell was actually the 3rd person to invent the method of carrying voice over wires. Even the US Congress acknowledges that Antonio Meucci was the first inventor 26 years before Bell.

The Wright Brothers were only able to claim first powered flight because several years earlier British inventor Percy Pilcher was killed demonstrating his glider to investors in an effort to get funds for his final tests of his powered aircraft.

Tesla, well OK you got me on that one.

Comment Remember Andrew Carnegie? (Score 1) 240

How is this different from Andrew Carnegie? He gave from his personal assets and set up an off the books company to manage his donation whims. Some of those donations were to for-profit companies, some to existing trusts and some were to individuals on the basis that they would set up a trust. Unfortunately Carnegie did not have the benefit of the current LLC process, so a percentage of all those that were deemed investments ended up in the coffers of the federal government, where most of it would go on pork projects. How much more could he have done if he'd had the benefits of Zuk'.

Comment Stalking Horse? (Score 2) 137

I take Mr Beard's comments at face value, that his company can offer lawful intercept without back doors. Unfortunately this has nothing whatsoever in common with the statements made by Apple and others.

You see Blackberry has a unique position in the market, it being not just the manufacturer but also the network operator. Thus for most normal Blackberry users (non-corporate), their secure end to end communications begin and end at Blackberry's servers. Also their device encryption software has at least one known weakness to offline brute force cracking so perhaps there are more.

All this means that what Blackberry is really saying is that, since they control the communication keys and made a less than perfect encryption product they can offer lawful interception where other vendors had to rely on real hardware device encryption and end-to-end communications.

BTW, Apple does not get off scot free here as its iMessage product can offer lawful intercept, just not decryption after the fact because they too control which keys are used to encrypt which iMessage.

Comment $1M or not $1M here is the important bit (Score 2) 79

OK let's accept for now that CMU did not receive payment for their data and that they only gave up their data upon subpoena, it really was just icing to the real issue. That of the un-ethical disclosure of people's private data resulting in an indirect FBI evidential fishing exercise, which is allowed in discovery unless the evidential collection is prompted (hence the $1) which would render it 'fruit of the poisoned tree' and why there is perhaps so much emphasis being placed upon payment.

Remember this, any entity involved in security research or even just a business can be subpoenaed for their data and required by law to not disclose the fact of the request. Further, resisting such requests can lead to extended legal difficulties; just ask Ladar Levison.

So what CMU did wrong here (if current evidence is correct) was to collect and keep significant personal information as a result of their 'Research', which is incompatible with what security research is about. If there had been an Ethical Review Board of the ongoing CMU research this should have been noticed and changes made.

Thus, what could CMU have done?

* They could have set up an internal Review Board to review the ethical, legal and other issues of such research {they admit they did not}
* They could have designed the data collection part of their exploit to anonymize data such that connection inferences can be made without disclosing actual IP addresses (simply make a salted hash of each IP address) {they did not}.
* They could have limited collection to just what was needed to prove the exploit and then shut it down {they did not}, instead they ran it for over 3 months.
* Upon proving the method they could have immediately followed responsible disclosure and briefed TOR group {they did not}
* If the research was launched initially by an FBI request or similar, they should have taken legal advice and realised that they could not do this ethically or follow the above and thus NOT agreed to do it {Clearly if so, they failed}

So in closing take note, in the current legal and criminal climate DON'T collect and store unnecessary information unless you can prove that you can protect it from disclosure in untargeted extralegal ways, lest you and your establishment end up in hot water (see Sony, Ashley Madison, CMU, NSA etc etc).
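The "salted hash of each IP address" idea from the list above, as an added example that is not part of the original comment or of any CMU code. It assumes the salt is a secret random key used with HMAC-SHA256, kept only in memory and destroyed when collection ends; the record layout, function names and documentation-range addresses are constructed for illustration. The last function shows why the key matters: a bare hash of an address can be reversed by enumerating the address range.

```python
import hashlib
import hmac
import ipaddress
import secrets

def pseudonymize(ip: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the address in canonical packed form."""
    packed = ipaddress.ip_address(ip).packed
    return hmac.new(key, packed, hashlib.sha256).hexdigest()

def scrub(records: list[dict], key: bytes) -> list[dict]:
    """Replace the 'ip' field with a pseudonym before anything is stored."""
    return [{"ts": r["ts"], "point": r["point"],
             "client": pseudonymize(r["ip"], key)} for r in records]

def seen_at_both(scrubbed: list[dict]) -> list[str]:
    """Pseudonyms observed at more than one collection point."""
    points: dict[str, set] = {}
    for r in scrubbed:
        points.setdefault(r["client"], set()).add(r["point"])
    return sorted(c for c, p in points.items() if len(p) > 1)

def recover_unsalted(digest: str, network: str):
    """A bare hash is reversible: the address space is small enough to enumerate."""
    for host in ipaddress.ip_network(network).hosts():
        if hashlib.sha256(host.packed).hexdigest() == digest:
            return str(host)
    return None

# Constructed sample records using documentation address ranges (RFC 5737).
SAMPLE = [
    {"ts": 1, "point": "A", "ip": "192.0.2.77"},
    {"ts": 2, "point": "A", "ip": "198.51.100.9"},
    {"ts": 3, "point": "B", "ip": "192.0.2.77"},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: in memory only, destroyed afterwards
    stored = scrub(SAMPLE, key)
    print(stored)
    print("seen at both points:", seen_at_both(stored))
    bare = hashlib.sha256(ipaddress.ip_address("192.0.2.77").packed).hexdigest()
    print("bare hash reversed to:", recover_unsalted(bare, "192.0.2.0/24"))
```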
