
Comment Re:Side Effects (Score 3, Informative) 41

I have a friend with Friedreich's Ataxia, and CRISPR is one of the silver bullets she's praying for. FA cripples then kills you: wheelchair by 25, dead by 40 is often the case (it hardens the heart so it can't pump). While CRISPR has some unknowns and risks, having FA is a certainty. FA affects a single gene pair, so if you can replace either side of that gene, you have solved the problem, the mitochondria will start producing frataxin again, and the nerves will stop being slowly destroyed.

There are no treatments and since it is so rare (1 in 50,000 have it in the US, 1 in 30k in Europe, almost no one in Africa or Asia), few are investing in finding a cure or treatment. FA isn't the only orphan disorder like this. So yes, I'm quite happy to see CRISPR move forward.

Comment Re:No (Score 2) 269

You forgot margin. They have incredible margin on their products. Their concern is total profit, not units sold. They could easily drop their prices in other markets to keep market share, but the net profit to them might be lower. It isn't like iPhone prices are anything relative to their cost. Their price is based on what people will pay.

Comment Re: too much $, but no, 3 months pay (Score 1) 186

Bill the city/state? Are you an idiot? The police department doesn't just "fix crime" and send a bill to the taxpayers. They ask for more and more funds all the time, so that would get lost.

Whether or not 36k is reasonable, the courts can decide. It sounds a little high, but not extraordinarily high.

Comment Re:Not a zero-sum game -- and not that simple (Score 1) 395

You again reiterated the false choice. I explained exactly why it is a false choice, and why some possible solutions, which may or may not be available under all circumstances, can address some of the problems without weakening crypto standards themselves, or weakening existing complete crypto systems. That you don't want to acknowledge this is so does not make it untrue. You are focused on backdoors, various key escrow solutions, and the like, and not on practical reality.

Comment Not a zero-sum game -- and not that simple (Score 1) 395

Liberty and Safety are not at two ends of a zero-sum sliding scale, wherein one must be sacrificed in discrete and equal units for the other. We can and should have a good measure of both, and it is government's charge to provide for the latter, while protecting (or, depending on your view, not infringing upon) the former. To say nothing of the fact that our very existence has been an exercise in the sacrifice of "liberty" for an orderly civil society governed by the rule of law, except in the fantasies of internet tech-libertarians.

And what a worthless survey: "warrantless surveillance" of what? Of who? Foreign intelligence targets do not require and never have required a warrant.

Gone are the days where the US targeted foreign communications on distant shores, or cracked codes used only by our enemies. No one would have questioned the legitimacy of the US and its allies breaking the German or Japanese codes or exploiting enemy communications equipment during WWII. The difference today is that US adversaries -- from terrorists to nation-states -- use many of the same systems, services, networks, operating systems, devices, software, hardware, cloud services, encryption standards, and so on, as Americans and much of the rest of the world. They use iPhones, Windows, Dell servers, Android tablets, Cisco routers, Netgear wireless access points, Twitter, Facebook, WhatsApp, Gmail, and so on.

The distinction is no longer the technology or the place, but the person(s) using a capability: the target. In a free society based on the rule of law, it is not the capability, but the law, that is paramount.

US adversaries use the very same technologies we use. The fact that Americans or others also use them does not suddenly or magically mean that no element of the US Intelligence Community should ever target them. When a terrorist in a foreign country is using Hotmail or an iPhone instead of a walkie-talkie, that cannot mean we pack our bags and go home. That means that, within clear and specific legal authorities and duly authorized missions of the Intelligence Community, we aggressively pursue any and all possible avenues, within the law, that allow us to intercept and exploit the communications of foreign intelligence targets.

If they are using hand couriers, we target them. If they are using walkie-talkies, we target them. If they are using their own custom methods for protecting their communications, we target them. If they are using HF radios, VSATs, satellite phones, or smoke signals, we target them. If they are using Gmail, Facebook, iPhones, Android, SSL, web forums running on Amazon Web Services, etc., we target them -- within clear and specific legal frameworks that govern the way our intelligence agencies operate, including with regard to US Persons.

That doesn't mean it's always perfect; that doesn't mean things are not up for debate; that doesn't mean everyone will agree with every possible legal interpretation; that doesn't mean that some may fundamentally disagree with the US approach to, e.g., counterterrorism. But the intelligence agencies do not make the rules, and while we may inform issues, we do not define national policy or priorities.

And on backdoors, we don't need "backdoors".

What we do need is this:

A clear acknowledgment that what increasingly exists essentially amounts to a virtual fortress impenetrable by the legal mechanisms of free society, that many of those systems are developed and employed by US companies, and that US adversaries use those systems -- sometimes specifically and deliberately because they are in the US -- against the US and our allies, and for a discussion to start from that point.

The US has a clear and compelling interest in strong encryption, and especially in protecting US encryption systems used by our government, our citizens, and people around the world, from defeat. But the assumption that the only alternatives are either universal strong encryption, or wholesale and deliberate weakening of encryption systems and/or "backdoors", is a false dichotomy.

How is that so?

Encrypted communication has to be decrypted somewhere, in order for it to be utilized by the recipient. That fact can be exploited in various ways. It is done now. It's done by governments and cyber criminals and glorified script kiddies. US vendors could, in theory, be at least a partial aid in that process on a device-by-device basis, within clear and specific legal authorities, without doing anything like key escrow, wholesale weakening of encryption, or similar with regard to software or devices themselves.

When Admiral Michael Rogers, Director of the National Security Agency and Commander, US Cyber Command, says:

"My position is -- hey look, I think that we're lying that this isn't technically feasible. Now, it needs to be done within a framework. I'm the first to acknowledge that. You don't want the FBI and you don't want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn't be for us. I just believe that this is achievable. We'll have to work our way through it. And I'm the first to acknowledge there are international implications. I think we can work our way through this." ...some believe that is code for, "We need backdoors." No. He means exactly what he says.

When US adversaries use systems and services physically located in the US, designed and operated by US companies, there are many things -- compatible with our law and with the Constitution -- that could be discussed, depending on the precise system, service, software, or device. Pretending that there is absolutely nothing that can be done, and it's either unbreakable, universal encryption for all, or nothing, is a false choice.

To pretend that it's some kind of "people's victory" when a technical system renders itself effectively impenetrable to the legitimate legal, judicial, and intelligence processes of democratic governments operating under the rule of law in free civil society is curious indeed.

Some ask why terrorists wouldn't just switch to something else.

That's a really easy answer -- terrorists use these simple platforms for the same reason normal people do: because they're easy to use. Obviously, a lot of our techniques and capabilities have been laid bare, but people use things like WhatsApp, iMessage, and Telegram because they're easy. It's the same reason that ordinary people -- and terrorists -- don't use Ello instead of Facebook, or ProtonMail instead of Gmail. And when people switch to more complicated, non-turnkey encryption solutions -- no matter how "simple" the more tech-savvy may think them -- they make mistakes that can render their communications security measures vulnerable to defeat.

Vendors and cloud providers may not always be able to provide assistance; but sometimes they can, given a particular target (device, platform, etc.), and they can do so in a way that comports with the rule of law in free society, doesn't require creating backdoors in encryption, doesn't require "weakening" their products, and doesn't violate the legal and Constitutional rights of Americans.

And of course, it would be nice if we were able to leverage certain capabilities against legitimate foreign intelligence targets without our targets and the entire world knowing exactly what we are doing, how, when, and why, so our enemies know exactly how to avoid it.

Secrecy is required for the successful conduct of intelligence operations, even in free societies.

"The necessity of procuring good Intelligence is apparent and need not be further urged -- all that remains for me to add, is, that you keep the whole matter as secret as possible. For upon Secrecy, Success depends in most Enterprises of the kind, and for want of it, they are generally defeated, however well planned and promising a favourable issue." -- George Washington, our nation's first spymaster, in a letter to Colonel Elias Dayton, 26 July 1777

Disclaimer: I'm a subscriber, so I see stories early.

Comment Re:So name them already (Score 1) 265

You are mistaking an actual example (my office) with a stereotype. I didn't say all offices are like mine, I'm saying his stereotype is inherently false and gave a specific example to refute his central claim that the stereotype exists. In the world of Graham's Hierarchy of Disagreement, that would be considered in the top tiers of how to debate a topic, i.e., using more than contradiction and instead providing evidence.

Comment Re:The first time didn't help. (Score 1) 265

You would be shocked how often that backfires. They have lawyers on staff, paid to take chicken shit threats and shove them back down your throat. They can outspend you in a second flat, and run you into the poor house defending yourself. No, threatening a company and making claims they intentionally did something bad (particularly when you really don't know the whole story) is just a good way to end up broke and defeated.

Comment Re:Port Scans are normal, stop whining! (Score 1) 265

They aren't followed up by malicious activity unless there is a vulnerability to exploit. My guess is all this port scanning has forced the guy to lock his system down pretty tight. It might now be safer due to all the port scanning.

Excessive port scanning is abuse, but your ISP isn't going to address it, only the other guy's ISP is going to because that is where it originates, and only they can threaten to pull their access if they don't stop it. Efforts on this end are useless; keep hammering their ISP and their company, but don't expect a lot of result.

Comment Re:The first time didn't help. (Score 2) 265

Expect the CEO to send it to IT because he doesn't understand it, and for it to simply disappear. CEOs are about making money, they don't like being the complaint dept. unless it is a complaint from a huge customer that is threatening to not give them money. They don't make the big bucks because they can deal with port scans.

Comment Re:Another day, another future battery tech story (Score 4, Insightful) 151

Great idea, and as soon as you suspend all patents, every company trying to make money off of this will say "fuck it" and go do something else.

Greed is a bitch, but it can drive innovation. The whole idea of patents is that you have to give your invention away after 17 years, so society has benefited greatly by the patent system. It isn't perfect (like stupid software patents, which aren't "things"), but you fix a system, you don't erase it and all the gains.
