
Comment: A Good Thing but for bad reasons (Score 1) 98

by danheskett (#49198035) Attached to: Apple, Google, Bringing Low-Pay Support Employees In-House

This is probably a good thing, but the most likely reason to do this is to juice their diversity numbers. Both companies have problems with diversity and by bringing in lower skilled, lower paid workers to the corporate fold, they will immediately increase the number of minorities on staff.

Next reporting period, when they disclose their racial and ethnic diversity numbers, look for a big jump in the number of minorities on staff.

Comment: Waiting for the "This is why.... (Score 1) 247

by ScottKin (#49195511) Attached to: How Activists Tried To Destroy GPS With Axes

....we can't have nice things" sub-thread in 5....4....3....2....1.... .....oh, wait.

Seriously, though - these are the kind of people that just make me want to walk up to them and just stare at them, wide-eyed, for about 2 minutes and calmly say "What is wrong with you". These are the same kind of people that used to throw rocks at my car when I drove up the hill to 1 Cyclotron Drive in Berkeley to work at Lawrence Berkeley Lab in the 80's - total nut-jobs who, despite their obviously misguided attempts at trying to make the world a "better place", are utterly clueless as to making the world a truly "better place".

Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49134623) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

True, you didn't build everything from source, but you were happy enough that everything traced back to "the" sources to make you feel secure. That's a lot more protection than anything from a commercial vendor, who probably just sold you formulaic encryption without any extra work to make you feel secure. Your data would have been more secure, if not actually secure, but you'd have felt it less, because really you have no way of knowing. So without somebody taking the extra time to make you feel secure, you naturally wouldn't feel it very much, if at all.

The problem is that there is no conceivable way to do what you are saying. It involves compromising or proxying disparate traffic, expertly.

And then, after all that, it would involve rooting an otherwise secure installation that is barely network connected, and using that to inject what, defects into the right sources so that the resulting binaries are weak or exploitable?

I agree that the NSA, CIA, and FBI have extraordinary capabilities, but the attack vectors that have thus far been revealed are the same attack vectors that security researchers have known and published for a long time - firmware, obscure libraries that are often used but seldom examined, zero-day exploits of popular software, mathematical flaws in encryption implementations, and physical security and chain of custody.

All of which is to say, the basic landscape of the threat has not changed much in 20 years. It is sophisticated, but as always, a strong layered defense and strong procedures and policies will minimize the possible impacts, exploits, and severity of breaches (if they occur in the first place). There are few things more secure than a well maintained GNU/Linux or OpenBSD box running in the wild.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Insightful) 406

by danheskett (#49121185) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

I think it's deeply sick that our government or anyone would equate our foreign, Congressionally declared, military enemies locked in nearly unrestrained warfare with the private effects and papers and their electronic equivalents of its peaceful citizens.

The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability.
Disagree. The Constitution recognizes an inherent right - that of a person to be secure in his person and papers from unreasonable search and seizure of his person and those effects. That natural right, along with the natural right to be held personally inviolate (i.e. not tortured) are the dual foundations for the presumption that encryption keys, like secrets ensconced in your memory, are immune from the government's attempts to ascertain them.

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

It is impossible to know what the NSA, or any government agency, actually wants. There is no legal nor oversight mechanism that will force them to disclose that information to you, or me, or even to their Congressional overseers, or even to other members of the Executive branch. They have demonstrated lawlessness at the highest levels and vast dishonesty, using every legal, regulatory, judicial, and yes extra-legal mechanism possible to avoid operating transparently. Whatever the intention, whatever the reason, it is beyond question that civic minded citizens should believe any pronouncement, no matter how clearly worded it appears to be, from the Executive branch. When the Director of National Intelligence says point blank they are not collecting records of millions of Americans, it is not simply a matter of redefining away the words. It's lying. Without punishing those who deceive American citizens and especially Congressional oversight, we must only be left to assume that the NSA operates outside of the realm of the rule of law, and because of that, we must act accordingly.

Even if it means a massive terrorist attack on US soil, even if it means the collapse of the government, or invasion, or a mushroom cloud over a major US city, we have to resist the presumption that any agent of the executive acts without oversight and accountability.

Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49096941) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

I don't know how true this is.

I had a high-security/high-trust scenario, and I ended up bootstrapping a machine from source-built binaries, and then building a compile system. I used the compile system to verify that binaries I was using from the official Debian distribution checked out from the various original sources. True, I did not build everything - literally everything - from source, but I was happy enough that everything was traced back to the sources enough to make me feel secure. That's a lot more protection than anything from a commercial vendor.

Comment: Re:"Support" != actually sacrifice for (Score 1) 458

by drsmithy (#48950719) Attached to: Most Americans Support Government Action On Climate Change

All taxes get paid by the people purchasing products and services.

Taxes are paid by those against whom they are levied.

Those entities may try and recover that cost elsewhere. They may or may not be successful in doing so.

If you tax only the rich, the poor will pay the differences.

So you don't think anyone will step in and provide equivalent products and services at a lower cost than established players because they're prepared to accept a smaller profit margin ?

Ie: markets don't work ?

There are plenty of rich people who don't own and run businesses, or have substantial income and wealth outside of their business interests.

and no, you cannot address that with any legislation because congress does not have the power to do so.

Firstly, the world is not America.

Secondly, even in the US, between local, state and federal Governments, they can legislate nearly anything they want to. If, of course, they want to. But there's been little interest in trying to build a better society since the neoliberal right took over the western world in the '70s and started pursuing the greatest wealth transfer from the

Comment: Re:Free Market at Work (Score 1) 277

by drsmithy (#48945795) Attached to: Indian Woman Sues Uber In the US Over Alleged New Delhi Taxi Rape
Want to see real change and justice? Talk to the actual owners of Uber and see if you can convince them to make a better company.

Uber is run by libertarian psychopaths. Their thought process - though they would obviously never say it in public - is "nobody made you get into the taxi, tough luck".

Even the slightest voluntary attempt to try and ameliorate the risk involved would be an anathema - "nanny state regulation" or some such bullshit - to them.

Comment: Re:Uber does as well, or better (Score 0) 277

by drsmithy (#48945777) Attached to: Indian Woman Sues Uber In the US Over Alleged New Delhi Taxi Rape
Probably better because who can say how many cab drivers make it in via political favors?

Given the life and pay of a taxi driver, I'd go with "sweet fuck all".

People calling in "political favours" to be a *taxi driver* ? Did you even think about that before you wrote it ? Do you think garbage collectors get jobs through "political favours" as well ?

Comment: Re:It does fly, because it works better (Score 0) 277

by drsmithy (#48945763) Attached to: Indian Woman Sues Uber In the US Over Alleged New Delhi Taxi Rape
The problems in the taxi industries worldwide have nothing to do with regulations around safety, and everything to do with the regulations around taxi plates (or "medallions" I think they call them in the states).
Uber vehicles should be required to carry the same safety facilities as a taxi, including video/audio recording and driver duress buttons.
This sort of situation and the absurdly trivial solutions for reducing its risk (what's the cost of a few dash cams ?) were entirely predictable and the only reason Uber did not act proactively was because it's a company run by libertarian psychopaths who think rules shouldn't apply to them.
