
Comment Wasn't this used against broadband? (Score 1) 116

Am I crazy here or did Ajit Pai make an excuse that the FCC couldn't make mandatory laws and regulations when they were asked to mandate broadband speeds and Net Neutrality? Or is it now that they want to modify CDA 230 suddenly it's okay?

June 2010:
The U.S. Court of Appeals ruled that the FCC has no powers to regulate any Internet provider's network, or the management of its practices: "[the FCC] 'has failed to tie its assertion' of regulatory authority to an actual law enacted by Congress", and in June 2010, it overturned (in the same case) the FCC's Order ....

Earth

Biden Announces $2 Trillion Climate Plan (nytimes.com) 134

Joseph R. Biden Jr. announced on Tuesday a new plan to spend $2 trillion over four years to significantly escalate the use of clean energy in the transportation, electricity and building sectors, part of a suite of sweeping proposals designed to create economic opportunities and build infrastructure while also tackling climate change. DogDude shares a report: In a speech in Wilmington, Del., Mr. Biden built on his plans, released last week, for reviving the economy in the wake of the coronavirus crisis, with a new focus on enhancing the nation's infrastructure and emphasizing the importance of putting the United States on a path to significantly cut fossil fuel emissions. "These are the most critical investments we can make for the long-term health and vitality of both the American economy and the physical health and safety of the American people," he said, repeatedly criticizing President Trump's leadership on issues including climate and the pandemic. "When Donald Trump thinks about climate change, the only word he can muster is 'hoax.' When I think about climate change, the word I think of is 'jobs.'"

The proposal is the second plank in Mr. Biden's economic recovery plan. His team sees an opportunity to take direct aim at Mr. Trump, who has struggled to deliver on his pledges to finance major improvements to American infrastructure. Republicans are sure to criticize the proposal as an attack on jobs in the energy sector -- but the plan will also test whether Mr. Biden has found a way to win over environmental activists and other progressives who have long been skeptical about the scope of his ambitions on climate. His plan outlines specific and aggressive targets, including achieving an emissions-free power sector by 2035 and upgrading four million buildings over four years to meet the highest standards for energy efficiency. The plan also calls for establishing an office of environmental and climate justice at the Department of Justice and developing a broad set of tools to address how "environmental policy decisions of the past have failed communities of color."

Comment Re:Why? (Score 2) 39

Because when Zoom gets a subpoena, they want to be able to turn over your information to Law Enforcement. It's as simple as that.

And I guarantee you that the E2EE has an escrowed key that Zoom has access to.

I would not trust their encryption. For starters, your client does not control the key. Zoom controls the key. In true E2EE, the moderator would generate the key at the start of the meeting, and the key would not be held by Zoom.

From their whitepaper:
https://github.com/zoom/zoom-e2e-whitepaper/blob/master/zoom_e2e.pdf

"When a Zoom client gains entry to a Zoom meeting, it gets a 256-bit per-meeting
key created by Zoom’s servers, which retain the key to distribute it to participants as they
join. In the version of Zoom’s meeting encryption protocol released on May 30, 2020, this
per-meeting key is used to derive a per-stream key by combining the per-meeting key with
a non-secret stream ID using an HMAC function. Each stream key is used to encrypt
audio/video (UDP) packets using AES in GCM mode, with each client emitting one or
more uniquely-identified streams."

So, this is a bit useless.

They even admit it.

"This current design provides confidentiality and authenticity for all Zoom data streams,
but it does not provide “true” end-to-end (E2E) encryption as understood by security
experts due to the lack of end-to-end key management."
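
The key flow quoted in the comment above, as an added example (not code from the comment, the whitepaper, or Zoom): the server creates and retains the per-meeting key, so it can recompute any per-stream key from the non-secret stream ID. HMAC-SHA256, the stream ID strings, and the class names are assumptions; the quoted text says only "an HMAC function".

```python
import hashlib
import hmac
import secrets


def derive_stream_key(meeting_key: bytes, stream_id: bytes) -> bytes:
    # Assumption: HMAC-SHA256 keyed with the per-meeting key over the stream ID.
    return hmac.new(meeting_key, stream_id, hashlib.sha256).digest()


class KeyServer:
    """Hypothetical model of the server role: creates and retains meeting keys."""

    def __init__(self):
        self._retained = {}

    def admit(self, meeting_id: str) -> bytes:
        # A 256-bit per-meeting key is created once, kept, and handed to each joiner.
        if meeting_id not in self._retained:
            self._retained[meeting_id] = secrets.token_bytes(32)
        return self._retained[meeting_id]

    def stream_key(self, meeting_id: str, stream_id: bytes) -> bytes:
        # The server needs nothing from the clients to do this.
        return derive_stream_key(self._retained[meeting_id], stream_id)


class Client:
    """Hypothetical participant: receives the meeting key from the server."""

    def __init__(self, server: KeyServer, meeting_id: str):
        self.meeting_key = server.admit(meeting_id)

    def stream_key(self, stream_id: bytes) -> bytes:
        return derive_stream_key(self.meeting_key, stream_id)


def run_demo() -> dict:
    server = KeyServer()
    alice = Client(server, "meeting-1")
    bob = Client(server, "meeting-1")
    audio, video = b"alice/audio/0", b"alice/video/0"  # constructed stream IDs
    # Someone who knows the stream ID but not the meeting key gets a different key.
    outsider = derive_stream_key(secrets.token_bytes(32), audio)
    return {
        "participants_agree": hmac.compare_digest(alice.stream_key(audio), bob.stream_key(audio)),
        "streams_separated": alice.stream_key(audio) != alice.stream_key(video),
        "server_can_derive": hmac.compare_digest(server.stream_key("meeting-1", audio), alice.stream_key(audio)),
        "outsider_can_derive": hmac.compare_digest(outsider, alice.stream_key(audio)),
    }


if __name__ == "__main__":
    print(run_demo())
```
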

Comment Re:In other words... (Score 1) 39

Additionally: "Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message."

This isn't for anti-abuse. It's to have something to give to LEO (Law Enforcement.)

Comment Re:Shoulda used an HSM (Score 1) 36

Unless it was really poorly configured (completely possible), you're not supposed to be able to extract "master" keys from an HSM.

The article, sadly, indicates: "It was compromised “after being stored in clear text on one laptop (at a minimum) and remains compromised to the present day,” the report said."

The previous comment was right, stupid knows no bounds.

Comment Shoulda used an HSM (Score 4, Informative) 36

This is exactly the sort of attack that Hardware Security Modules are designed to stop.

You'd have to steal the box -and- have multiple users sign off on any cryptographic operations before they would be allowed to encrypt with this key. Additionally, you wouldn't be able to extract the Key at all.

Comment Re:They're right, but for the wrong reason (Score 1) 60

Automated abuse of the DMCA system and as you've said, shotgunning the system, is why this isn't working.

You keep crying wolf enough times and the providers will delay and ignore you.

Also, making the system work faster or "proactively" would be an affront to due process offered by DMCA counter notices. They can't have it both ways.

Comment Not the right way to do it. (Score 2, Insightful) 143

This should be handled as U2F and FIDO were handled. There shouldn't be a new company for this.

Adoption of this should be standards based and should be a cooperative effort across the industry.
(Also this sure feels like reinventing FIDO/FIDO2 for profit.)

Also, once your certificate is stolen, unless it's strongly encrypted (which, what's that? You need a password and PIN for) you're hosed. I'd really rather have a Yubikey.

 

Comment Re: What are Nevada's gun carrying rules? (Score 1) 441

Caesars Palace does not have such locks. Additionally they made you sign a document saying they could come in the room at any time without notice.

People saying this was done without consent didn't read what they signed at check in.

I don't agree with it but there was notice.
