
Comment: Re:misleading title (Score 3, Insightful) 60

by return 42 (#45846403) Attached to: Thank Goodness For the NSA — A Fable

I think it's more like, thank goodness $POWERFUL_PERVASIVE_SECURITY_THREAT made everyone realize their security was worse than crap, because otherwise they would never have gone to all the trouble of fixing it. Plus various suggestions for how to fix this state of affairs.

He seems unaware of the issues with compromised hardware, which will require either a political solution or a whole lot more work than software solutions, but as a call to action, it has some merit.

Comment: Take them at their word (Score 1) 455

Good morning, Anonymous.

In an ongoing court case, the US Drug Enforcement Agency has argued that citizens have no "expectation of privacy" for any medical records that are ever provided to any third party.

Your mission, should you choose to accept it, is to take them at their word. Find the medical records of as many of the following people as possible: members of the DEA, attorneys for the DEA in this case, and any judge at any level of the US judiciary who has ever ruled against citizens' privacy. Publish said records. After all, according to the DEA's own argument, they have no expectation of privacy. No harm, no foul.

Good luck, Anonymous. This posting will self-destruct in five seconds.

Comment: Likely outcome (Score 5, Insightful) 105

by return 42 (#44870643) Attached to: UK Cryptographers Call For UK and US To Out Weakened Products

I suspect the agencies will make a great show of reluctance, then reveal what they did to some protocols and algorithms -- those where the backdoors are most likely to be noticed, or have already been found, such as Dual_EC_DRBG. The crown jewels, those least likely to be noticed, will remain secret. Nothing to see here folks, move along.

NSA and GCHQ couldn't care less about the public interest. They have a mandate to spy on as much as possible on the off chance that it may prevent some terrorist act. They will continue to do so in any way they can unless the legislative bodies or courts in their respective nations rein them in. This seems moderately likely in the US, quite unlikely in the UK.

Comment: Re:News? (Score 1) 314

by return 42 (#44863231) Attached to: NSA Spies On International Payments

And which of those would cover sending money overseas? If they were grabbing your own books, that would be your papers and effects, but that's not what they're doing.

If a US citizen was suspected of espionage during the War of 1812, and part of the evidence was that he had been receiving money from the UK, do you think SCOTUS would have ruled that evidence inadmissible? I don't think so.

Comment: Re:PCI Compliance (Score 1) 314

by return 42 (#44863157) Attached to: NSA Spies On International Payments

If you think Snowden is intentionally cooperating with those governments, you have the burden of explaining why he went public, instead of just moving into his dacha and enjoying his ill-gotten gains.

If you think those governments have tried to get the data without his knowledge, bear in mind that he's technically sophisticated and it's inconceivable that he didn't encrypt his drive.

If you think the Russians are employing rubber hose cryptanalysis, bear in mind that he is still in contact with several western journalists, and it's very likely that they have prearranged codes to let him communicate such a message.

Comment: Re:Pay cash !!!! (Score 2) 314

by return 42 (#44863033) Attached to: NSA Spies On International Payments

Consider: in the US, you generally get only $20 bills from the ATM. You go and spend these with retailers who usually get nothing larger than $20 bills. The $20 bill you spent thus is not recycled as change, and it gets deposited at the end of the day. That makes a nice short loop that's easy to analyze.

So if you want to buy something and not make it too easy to track the bills, use denominations under $20.

Now, as for things like making a drug buy, where you really wouldn't want the gov't to track it, that's probably less of a problem because those people tend not to use banks so much...

Comment: Re:Why? (Score 2) 133

by return 42 (#44862993) Attached to: 3D-Printed Gun Bought and Displayed By London Art Museum

I'm still not sure what makes 3D printed guns any different or more special than a gun produced with CAD plans and a used CNC machine.

Good point. I see two reasons for "the authorities" to be more worried about 3D guns. First is (I would guess) CNC is fairly mature and stable, while 3D printing is undergoing rapid development, becoming cheaper, more versatile, more accessible. Second is that a CNC machine is something of a niche application, not interesting to many people, whereas 3D printing can make a much wider variety of things and is therefore potentially of interest to more people. Thus, 3D printed firearms are potentially accessible to many more people, and, with future technology, easier to produce.

Comment: Re:optical inspection? (Score 1) 166

by return 42 (#44858657) Attached to: Stealthy Dopant-Level Hardware Trojans

Yes, I just realized this. A properly written OS can periodically test the hardware RNG for reduced entropy. Let us suppose we can detect if the entropy has fallen below 32 bits. Then, whenever we are using the hardware RNG, we pessimistically assume that there are only 16 bits of entropy available per sample. Grab a bunch, run it through a good hash function, repeat, concatenate. You end up with as many bits of good random data as you need, and you XOR it with the random bits you got from other sources.
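The scheme in the comment above, worked through as an added example (not the commenter's code): credit each hardware sample with only 16 bits, hash enough samples to back one digest, concatenate digests, and XOR with an independent source. The 64-bit sample width, SHA-256, the function names, and the stuck-value health test (repetition count cutoff from NIST SP 800-90B) are assumptions of this example.

```python
import hashlib
import math
import os

SAMPLE_BYTES = 8    # assumption: one hardware RNG sample is 64 bits wide
CREDIT_BITS = 16    # pessimistic entropy credited per sample (from the comment)
DIGEST_BITS = 256   # SHA-256 output size (hash choice is an assumption)

def samples_per_block(credit_bits=CREDIT_BITS):
    """Samples hashed together so each digest is backed by >= 256 credited bits."""
    return math.ceil(DIGEST_BITS / credit_bits)

def repetition_cutoff(credit_bits=CREDIT_BITS, alpha_log2=20):
    """SP 800-90B repetition count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(alpha_log2 / credit_bits)

def hw_block(hw_read):
    """Hash one block of hardware samples; fail if a value repeats C times in a row."""
    cutoff, run, last = repetition_cutoff(), 0, None
    h = hashlib.sha256()
    for _ in range(samples_per_block()):
        s = hw_read(SAMPLE_BYTES)
        run = run + 1 if s == last else 1
        last = s
        if run >= cutoff:
            raise RuntimeError("hardware RNG failed repetition count test")
        h.update(s)
    return h.digest()

def random_bytes(hw_read, other_read, n):
    """Return n bytes: concatenated hardware digests XORed with an independent source."""
    hw = b""
    while len(hw) < n:
        hw += hw_block(hw_read)
    other = other_read(n)
    return bytes(a ^ b for a, b in zip(hw[:n], other))

if __name__ == "__main__":
    # os.urandom stands in for both sources here; a real system would pass
    # a reader for the hardware RNG as hw_read.
    print(random_bytes(os.urandom, os.urandom, 48).hex())
```

The repetition test only catches a stuck or grossly degraded source; the XOR step is what keeps the output unpredictable if the hardware samples are weaker than the 16-bit credit.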

Comment: Fluoride (Score 1) 149

by return 42 (#44854845) Attached to: Tooth Cavities May Protect Against Cancer

It seems that they did not control for exposure to fluoridated water. The article says "they had no data on the causes of missing teeth." It would be interesting to see if any clear results emerged from a study that did control for that.

However, given the level of entrenched interest in water fluoridation, I suspect it would be difficult to find funding for such a study, at least in the US.
