
Comment Re:No. It won't be (Score 1) 90

I think the holdup is that ARM needs to be comparable in terms of computing power to Intel. Right now ARM's great as a low power platform (though Intel is seriously catching up) but Chromebooks are a very conspicuous case where ARMs are used in an environment they're almost never seen in.

I don't think the problem is the ABI. Apple has solved that three times before, 68K to PowerPC, and PowerPC to ix86 and ix86-64. The solutions weren't beautiful, but they worked. And the PowerPC to two different Intel APIs transition occurred with the current generation of operating system.

If ARM makes sense, they'll switch to it. I just don't see why they would - yet.

Comment Re:Wow. Talk about misreading, and missing the poi (Score 1) 94

Yeah, and guess what?

Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.

Until that happens, "We're pretty aggressive within the law. As a professional, I'm troubled if I'm not using the full authority allowed by law." -- General Michael Hayden

Comment Re:Why the lack of interest? (Score 2) 130

I'm not sure there's ever been that much interest. It's more of a theoretical standard, useful for people packaging binaries with hard coded paths, but even that isn't particularly useful right now. The LSB lost credibility from the Debian side from the start by picking the rival RPM as the packaging manager, and while I gather that difference was papered over in time, the other fundamental issues - differing library versions, different standards for inclusion, etc - that prevent the concept of a "universal" package never got resolved.

It's probably a good thing it's going; a bad, mostly ignored "standard" is probably worse than no standard at all, as it leads developers to make assumptions about what's available that they probably shouldn't.

Comment Re:Correct. Including the US government. (Score -1, Troll) 94

Here's your mistake, and the mistake of everyone who thinks the way you do:

You cherry-pick examples of abuse -- and that's exactly what it is, illegal abuse -- and extrapolate it, in your mind, to being a systemic problem. You imagine it's happening all the time, and that people just sit around at their desks looking up their friends, girlfriends, neighbors, and ex-spouses for fun.

You then cherry-pick completely unrelated, long-ago-condemned examples of things that happened decades ago under the Hoover FBI, which is about 180 degrees opposite from what NSA does for foreign intelligence, and before there was any semblance of anything that could remotely be called intel oversight, and pretend it's exactly the same.

Your mistake is that you think isolated examples of abuse are not isolated, without proof; then you believe that any such examples indicate what, to you, is obviously a systemic, widespread problem. Abuse will ALWAYS happen, and it will never stop. This is true at all levels of government, and anywhere a human being exists. The answer to that is oversight (something you also think doesn't exist, but is actually so overbearing and restrictive that if you could actually witness it, you wouldn't believe it), not removing any authority that "could" be abused, because then we would necessarily have to remove them all.

Yes, intentional abuse, unintentional abuse, simple mistakes, human or machine error, and all manner of things happen in intelligence work. And those errors are such a vanishingly small proportion of what NSA does that it is nearly zero -- and they are still taken seriously. In fact, this is one of the single most important things drilled into anyone doing foreign SIGINT, military or civilian, every single day. It's not some kind of a joke.

I hate to break it to you, but how things actually work might disappoint you if you think there is rampant abuse everywhere.

Comment Wow. Talk about misreading, and missing the point. (Score 0, Troll) 94

And there you have it ladies and gentlemen ... you have nothing to fear if you have nothing to hide.

No. That's not what I said, at all.

What I said -- all arguments about crypto aside -- was precisely what I said:

If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.

That is in no way, shape, or form akin to saying, "you have nothing to fear if you have nothing to hide." It is not making an argument that the government "should" have your data. It is saying that the Intelligence Community, in the form of the foreign intelligence agencies, does not want your data -- doesn't want to touch it, doesn't want to see it, doesn't want to read it, whether it's encrypted or not. And no, using crypto does not "make you a suspect". (And the FBI doesn't want the data of innocent people, either. What the FBI wishes for is a state of affairs where criminals for whom exist actual individualized warrants wouldn't be able to employ the digital equivalent of an impenetrable fortress, out of reach of the legitimate authority of enforcement mechanisms in a democratic society. But it may have to come to terms with that reality.)

If you believe you defend these things by undermining what they actually mean, then I'm afraid you don't deserve to have these things defended since you've already given up on them.

Talk about missing the point. You are basing your entire argument on a false premise, and false assumption of what you believe my argument to be; namely, that we should be giving up our rights in order to protect them. Not only am I not making that argument, I am making the precise opposite: that if you believe those rights are important, you need to understand that we can and do take steps to execute military and intelligence actions against our adversaries, whether they be terrorists or nation-states.

You crow about all these rights you think you and Americans, collectively, have "given up", when in reality, nothing substantive has actually changed (oh, I realize you think it's changed, and that you're living in a borderline police state). You believe your rights are being trampled, when you are, from a real and practical standpoint, more free while living in organized, civil society than any other people throughout history -- at least as free as is possible without living in a vacuum with no connection to humanity.

You hold out WWII codebreakers as heroes, practically idolizing them, and vilify the modern day equivalent, while ignoring the reality that US adversaries coexist in the same web of global digital communications as we do, utilizing the same devices, systems, services, networks, operating systems, encryption standards, and so on, and then act surprised when elements of the US government actually dare develop ways to exploit those systems, just because Americans also happen to use them -- totally misunderstanding the landscape.

This is exactly what I am talking about when I say people need to gain some perspective on history, or reality. Either would do.

Comment Not sure I buy his argument (Score 1) 143

I strongly agree that the FCC should not ban aftermarket firmware and I am involved (albeit in a minor capacity) in OpenWRT development. However, I don't buy ESR's argument about why. He states that "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications," and his argument revolves entirely around us needing the ability to fix the situation. Unfortunately, we do have the ability to fix the situation today, with loads of flashable routers out there and many choices for quality after-market firmware, but we're not actually doing it at any meaningful scale. Even among routers that can run a superior after-market firmware, only a tiny fraction actually are. Of the ones that are, even fewer are regularly updated to address security concerns. If we're not solving the problem today when we do have the capability, how are we made weaker if the capability is taken away from us?

Comment Correct. Including the US government. (Score 2, Insightful) 94

And two former DIRNSAs agree.

So does ADM Rogers -- except that every interpretation of various US officials' arguments on encryption wildly conflates multiple issues (such as domestic law enforcement, which can and does sometimes have a foreign intelligence connection, and foreign signals intelligence purposes), or utterly misunderstands the purpose, function, and targets of foreign intelligence.

Yes, I know you (not OP, the "royal you") think you know it all, because you have taken things you think of as "proof" utterly out-of-context with zero understanding about how things like foreign SIGINT actually work, and have seen 3-4 unrelated pieces of a 1000 piece puzzle, with some of those pieces actually parts of different puzzles, and believe you have the full picture.

People continually and willfully seem to want to forget or ignore that actual, no-shit foreign intelligence targets also -- gasp! -- use things like iPhones, Gmail, Hotmail, WhatsApp, and so on. And, when foreign intelligence targets use these modes of communication, amazingly, we actually want to target them.

If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data. Sounds crazy and bizarre for foreign intelligence agencies to care about things like foreign intelligence, I know, but it's true. Weird!

I guess it's easier to believe that functioning democracies* all are constantly looking for ways to illegally spy on their own citizens who have done nothing wrong, rather than to believe that intelligence work in the digital age where the only distinction is no longer the physical location or even the technology used, but simply the target -- the person at the other end, is actually extremely complicated, and not fun.

* If you don't think the Western liberal democracies of the world are worth a shit, or laugh at the term "functioning democracies" when used in reference to the US, warts and all, that simply means you have lost all perspective of reality, and are part of the problem. And it will be to our peril, because there actually are governments in the world who do spy on their own citizens, and wherein the people don't have anywhere NEAR the level of freedoms we have, no matter how terrible you think we are. And guess what? It's our national security and intelligence apparatus that we use to defend ourselves. If you're now so jaded that you don't actually believe the US and its allies, and their principles, are something worth defending and fighting for, then everything I have said here means nothing to you anyway. Just be advised that your perception of history and reality is fatally skewed.


First Successful Collision Attack On the SHA-1 Hashing Algorithm 69

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.

Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.


Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks 40

An anonymous reader writes: The Iranian hacker group Cleaver has been directing a cyber spying campaign at bodies in the Middle East across a network of fake LinkedIn accounts. It is thought that the threat actors were using the professional platform to gather intelligence using six 'leader' profiles, each with over 500 connections, and a collection of 'supporter' accounts. According to Dell researchers, recruitment advertisements and skill endorsements from 'supporter' accounts were used to boost credibility. Perhaps they're after the New Yorker crowd, too.
