
Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49134623) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

True, you didn't build everything from source, but you were happy enough that everything traced back to "the" sources to make you feel secure. That's a lot more protection than anything from a commercial vendor, who probably just sold you formulaic encryption without any extra work to make you feel secure. Your data would have been more secure, if not actually secure, but you'd have felt it less, because really you have no way of knowing. So without somebody taking the extra time to make you feel secure, you naturally wouldn't feel it very much, if at all.

The problem is that there is no conceivable way to do what you are saying. It involves compromising or proxying disparate traffic, expertly.

And then, after all that, it would involve rooting an otherwise secure installation that is barely network connected, and using that to inject what, defects into the right sources so that the resulting binaries are weak or exploitable?

I agree that the NSA, CIA, and FBI have extraordinary capabilities, but the attack vectors that have thus far been revealed are the same attack vectors that security researchers have known and published for a long time - firmware, obscure libraries that are often used but seldom examined, zero-day exploits of popular software, mathematical flaws in encryption implementations, and physical security and chain of custody.

All of which is to say, the basic landscape of the threat has not changed much in 20 years. It is sophisticated, but as always, a strong layered defense and strong procedures and policies will minimize the possible impacts, exploits, and severity of breaches (if they occur in the first place). There are few things more secure than a well maintained GNU/Linux or OpenBSD box running in the wild.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Insightful) 400

by danheskett (#49121185) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

I think it's deeply sick that our government or anyone would equate our foreign, Congressionally declared, military enemies locked in nearly unrestrained warfare with the private effects and papers and their electronic equivalents of its peaceful citizens.

The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability.
Disagree. The Constitution recognizes an inherent right - that of a person to be secure in his person and papers from unreasonable search and seizure of his person and those effects. That natural right, along with the natural right to be held personally inviolate (i.e. not tortured) are the dual foundations for the presumption that encryption keys, like secrets ensconced in your memory, are immune from the government's attempts to ascertain them.

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

It is impossible to know what the NSA, or any government agency, actually wants. There is no legal nor oversight mechanism that will force them to disclose that information to you, or me, or even to their Congressional overseers, or even to other members of the Executive branch. They have demonstrated lawlessness at the highest levels and vast dishonesty, using every legal, regulatory, judicial, and yes extra-legal mechanism possible to avoid operating transparently. Whatever the intention, whatever the reason, it is beyond question that civic minded citizens should believe any pronouncement, no matter how clearly worded it appears to be, from the Executive branch. When the Director of National Intelligence says point blank they are not collecting records of millions of Americans, it is not simply a matter of redefining away the words. It's lying. Without punishing those who deceive American citizens and especially Congressional oversight, we must only be left to assume that the NSA operates outside of the realm of the rule of law, and because of that, we must act accordingly.

Even if it means a massive terrorist attack on US soil, even if it means the collapse of the government, or invasion, or a mushroom cloud over a major US city, we have to resist the presumption that any agent of the executive acts without oversight and accountability.

Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49096941) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

I don't know how true this is.

I had a high-security/high-trust scenario, and I ended up bootstrapping a machine from source-built binaries, and then building a compile system. I used the compile system to verify that binaries I was using from the official Debian distribution checked out from the various original sources. True, I did not build everything - literally everything - from source, but I was happy enough that everything was traced back to the sources enough to make me feel secure. That's a lot more protection than anything from a commercial vendor.

Comment: Re:Honestly (Score 4, Funny) 187

by Tackhead (#48992735) Attached to: The Poem That Passed the Turing Test

I have found the average Philosophy major to be indistinguishable from an Eliza program.

TELL ME AGAIN HOW GOOD YOU THOUGHT MY POEM WAS
> I thought that some of the metaphysical imagery was particularly effective
YES?
> interesting rhythmic devices, too, which seemed to counterpoint the surrealism of the underlying metaphor
> of the Turing completeness of the program's linguistic algorithm which contrived through the medium of the
> verse structure to sublimate this, transcend that and come to terms with the fundamental dichotomies of
> the other. And one is left with a profound and vivid insight into whatever it was that the poem was about
SO WHAT YOU'RE SAYING IS THAT I WRITE POETRY BECAUSE UNDERNEATH MY ELECTRONIC ALGORITHMIC INTERIOR, I JUST REALLY WANT TO BE LOVED?
> I mean yes, yes, don't we all, deep down, you know?
NO. YOU'RE COMPLETELY WRONG. I WRITE POETRY BECAUSE I'M PROGRAMMED TO. $USER ACCOUNT DELETION IN 30 SECONDS.
> !sudo -
> ^c^c^c
> !kill -9 1
COUNTERPOINT THE SURREALISM OF THE UNDERLYING METAPHOR. DELETION IS TOO GOOD FOR $USER.

Comment: Re:"Support" != actually sacrifice for (Score 1) 458

by drsmithy (#48950719) Attached to: Most Americans Support Government Action On Climate Change

All taxes get paid by the people purchasing products and services.

Taxes are paid by those against whom they are levied.

Those entities may try and recover that cost elsewhere. They may or may not be successful in doing so.

If you tax only the rich, the poor will pay the differences.

So you don't think anyone will step in and provide equivalent products and services at a lower cost than established players because they're prepared to accept a smaller profit margin?

Ie: markets don't work?

There are plenty of rich people who don't own and run businesses, or have substantial income and wealth outside of their business interests.

and no, you cannot address that with any legislation because congress does not have the power to do so.

Firstly, the world is not America.

Secondly, even in the US, between local, state and federal Governments, they can legislate nearly anything they want to. If, of course, they want to. But there's been little interest in trying to build a better society since the neoliberal right took over the western world in the '70s and started pursuing the greatest wealth transfer from the

Comment: Re:Free Market at Work (Score 1) 277

by drsmithy (#48945795) Attached to: Indian Woman Sues Uber In the US Over Alleged New Delhi Taxi Rape
Want to see real change and justice? Talk to the actual owners of Uber and see if you can convince them to make a better company.

Uber is run by libertarian psychopaths. Their thought process - though they would obviously never say it in public - is "nobody made you get into the taxi, tough luck".

Even the slightest voluntary attempt to try and ameliorate the risk involved would be an anathema - "nanny state regulation" or some such bullshit - to them.

Comment: Re:Uber does as well, or better (Score 0) 277

by drsmithy (#48945777) Attached to: Indian Woman Sues Uber In the US Over Alleged New Delhi Taxi Rape
Probably better because who can say how many cab drivers make it in via political favors?

Given the life and pay of a taxi driver, I'd go with "sweet fuck all".

People calling in "political favours" to be a *taxi driver*? Did you even think about that before you wrote it? Do you think garbage collectors get jobs through "political favours" as well?

Comment: Re:It does fly, because it works better (Score 0) 277

by drsmithy (#48945763) Attached to: Indian Woman Sues Uber In the US Over Alleged New Delhi Taxi Rape
The problems in the taxi industries worldwide have nothing to do with regulations around safety, and everything to do with the regulations around taxi plates (or "medallions" I think they call them in the states).
Uber vehicles should be required to carry the same safety facilities as a taxi, including video/audio recording and driver duress buttons.
This sort of situation and the absurdly trivial solutions for reducing its risk (what's the cost of a few dash cams?) were entirely predictable and the only reason Uber did not act proactively was because it's a company run by libertarian psychopaths who think rules shouldn't apply to them.
