Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Last straw? (Score 4, Interesting) 127

Finally, someone uses their brain. Sure, we could send a big army over there and stomp them into the ground. But then what?

And if anyone thinks Saddam's dead-enders were a big headache, what do you suppose a bunch of religious zealots will be?

Cue Mencken on problems and solutions.

Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49134623) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

True, you didn't built everything from source, but you were happy enough that everything traced back to "the" sources to make you feel secure. That's a lot more protection than anything from a commercial vendor, who probably just sold you formulaic encryption without any extra work to make you feel secure. Your data would have been more secure, if not actually secure, but you'd have felt it less, because really you have no way of knowing. So without somebody taking the extra time to make you feel secure, you naturally wouldn't feel it very much, if at all.

The problem is that there is no conceivable way to do what you are saying. It involves compromising or proxying disparate traffic, expertly.

And then, after all that, it would involve rooting an otherwise secure installation that is barely network connected, and using that to inject what, defects into the right sources so that the resulting binaries are weak or exploitable?

I agree that the NSA, CIA, and FBI have extraordinary capabilities, but the attack vectors that have thus far been revealed are the same attack vectors that security researchers have known and published for a long time - firmware, obscure libraries that are often used but seldom examined, zero-day exploits of popular software, mathematical flaws in encryption implementations, and physical security and chain of custody.

All of which is to say, the basic landscape of the threat has not changed much in 20 years. It is sophisticated, but as always, a strong layered defense and strong procedures and policies will minimize the possible impacts, exploits, and severity of breaches (if they occur in the first place). There are few things more secure than a well maintained GNU/Linux or OpenBSD box running in the wild.

Comment: Re:Oh bullshit! (Score 1) 317

by DaHat (#49123779) Attached to: FedEx Won't Ship DIY Gunsmithing Machine

They are a private company that has a published set of terms and conditions.

Can a baker, florist or photographer put forth a set of terms and conditions with regards to what kind of events they will provide services for?

The courts have been saying no for a while now in the case of some events they may disagree with: http://www.huffingtonpost.com/....
http://www.washingtonpost.com/...
http://www.huffingtonpost.com/...

It is an interesting world where some people/companies are compelled to provide services equally (if they want to remain in business), while others are given a pass.

I'm still waiting for a case like this to happen in the US as it would be rather entertaining viewing: http://www.nationalreview.com/...

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Insightful) 406

by danheskett (#49121185) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

I think it's deeply sick that our government or anyone would equate our foreign, Congressionally declared, military enemies locked in nearly unrestrained warfare with the private effects and papers and their electronic equiavlents of it's peaceful citizens.

The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability.
Disagree. The Constitution recognizes an inherent right - that of a person to be secure in his person and papers from unreasonable search and seizure of his person and those effects. That natural right, along with the natural right to be held personally inviolate (i.e. not tortured) are the dual foundations for the presumption that encryption keys, like secrets ensconced in your memory, are immune for the government's attempts to ascertain them.

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

It is impossible to know hat the NSA, or any government agency, actually wants. There is no legal nor oversight mechanism that will force them to disclose that information to you, or me, or even to their Congressional overseers, or even to other members of the Executive branch. They have demonstrated lawlessness at the highest levels and vast dishonesty, using every legal, regulatory, judicial, and yes extra-legal mechanism possible to avoid operating transparently. Whatever the intention, whatever the reason, it is beyond question that civic minded citizens should believe any pronouncement, no matter how clearly worded it appears to be, from the Executive branch. When the Director of National Intelligence says point blank they are not collecting records of millions of Americans, it is not simply a matter of redefining away the words. It's lying. Without punishing those who deceive American citizens and especially Congressional oversight, we must only be left to assume that the NSA operates outside of the realm of the rule of law, and because of that, we must act accordingly.

Even if it means a massive terrorist attack on US soil, even if means the collapse of the government, or invasion, or a mushroom cloud over a major US city, we have to resist the presumption that any agent of the executive acts without oversight and accountability.

Comment: Re:Christopher Alexander (Score 2) 81

by bmajik (#49116567) Attached to: Ancient and Modern People Followed Same Mathematical Rule To Build Cities

The last quarter or so of the patterns deal with interior space, but i think you might find it problematic to just apply them in isolation.

The patterns are meant to be applied in order, from largest effect with least detail, to smallest effect and highest detail.

So, for instance, if you take room that doesn't have "light on two sides"

http://www.patternlanguage.com...

there may not be much you can do, interior design wise, to save the room, without first trying some of the suggestions he has for how to deal with the lack of windows...

"It's when they say 2 + 2 = 5 that I begin to argue." -- Eric Pepke

Working...