Comment Re:Colour me not surprised (Score 3, Interesting) 362

Given the NSA budget, and how much additional they could be getting through Black Box projects we don't even know about, they can afford to recruit some really top notch people. Like, say, an Air Force Chief Warrant officer with an existing Top Secret clearance, a bunch of tech skills and a flawless 12 year history (we could go 20, but let's keep our hypothetical spy young enough to blend in with mid-level tech management), pay for a couple of years full time training on just the things they want, pay them a salary competitive with a small corp CEOs, and put 10 existing people on falsifying a tremendous amount of background info for the few weeks that would take. I'm not saying they did that here, but they have the resources if it's that high a priority to them.

Seriously, the way to get a real life James Bond is to find somebody who looks fairly close in the Navy Seals or MI6, a Blackwater style contractor or whatever, somebody who seems highly motivated by the cause you want to employ them at, do additional background checks before you even approach the candidate, and if he or she checks out, then throw lots of money at retooling them into an Uber-agent. If you don't need combat skills, some of the best agents for business infiltration are prosecuting attorneys or accountants who have made a go at starting or running some business of their own. You can figure from this what sort would be attractive to the NSA for infiltrating a software business.

The A.C. you responded to is admittedly not coming off as the sort of person who could spot even a basic mole (hint: there's never a bunch of other people instructed to keep silent, or even a few. At most, one person well above the spy in the civilian organization knows that it was strongly hinted he should hire this person and not ask too many questions.).

If you mean that anybody competent to do software engineering should be able to put together a proper list of who has the physical access needed to put back doors in properly secured development code, then you may be correct. It's a reach, though, to think an engineering degree or even years of good work in the field qualifies a person to narrow that list down.

Comment Re:Sigh... (Score 1) 61

Others have already pointed out he did it as an art project (I admit my first response to this was also "What the fuck is the point in that?"). If you want to avoid DRM on eBooks and for some masochistic reason don't want to simply strip it - the widely-used systems are almost laughably easy to remove if you want to - it would be far easier to just take screencaps, and far more accurate since then you get a pixel-perfect representation of the page, with the subsequent improvement in OCR.

Comment This is a stupid idea. (Score 3, Informative) 200

This is a stupid idea. The 1976 consultation between the NSA and IBM over DES resulted in a stronger DES. The NSA couldn't disclose what it knew about how to easily attack the DES as it was originally proposed, and it took about 8 years for an academic researcher to understand why the original algorithm was actually weaker than the one with the proposed NSA modifications.

They are doing some rather asshole things at the moment (at the behest of the Federal Government - "We were just following orders"), but they tend not to screw with cryptography which is allowed to be on the GSA schedule when embodied in communications equipment for sale to the U.S. Military.

Comment Re:Schneiers most recent comment.... (Score 1) 236

Bruce Schneier http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/ stated that "Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily."

This is most probably correct, given the proof of the Taniyama–Shimura–Weil conjecture, thus proving Fermat's last theorem, and resulting in the establishment of the Modularity Theorem. On a related note, isn't 25519 a rational number? Meaning elliptic curve 25519 has a modular form? Meaning that Tor's choice of curve is rather subject to modular attack?

Just saying...

Comment Re:Doesn't the NRA already collect names? (Score 1) 531

... trying to arm schoolteachers. Both would be funny if The Onion wrote them. The fact that Americans really want these things is frightening.

Don't think of it as "trying to arm school teachers." The NRA never suggested that you start a program of shoving a gun into every (or even any) school teacher's hands and forcing them to carry it. What was advocated was allowing teachers to volunteer to do it, and allowing schools to establish their own requirements for training, securing weapons, etc.

In Texas where I live, the law wouldn't need to be changed to do this. Individual school districts would simply need to give specific teachers permission to carry a gun on campus, and everything would be legal.

My wife has been a public school teacher for 7 years, and a concealed carry license holder for 5 years. She enjoys shooting as much as I do, which is to say, a LOT. We go shooting regularly, and she carries a concealed weapon every day, and would have no hesitation to carry it into her classroom and lock it up with her purse, were she allowed to (currently she has to leave the gun in her car when she gets to work).

People like her are the ones the NRA is talking about when they say we should allow teachers to be armed at school.

Comment Re:WTF? (Score 3, Interesting) 56

Well, you have the first Orbital Sciences Antares launch to resupply the ISS, currently scheduled for September 17. That is a bigger rocket I believe and also should be quite a show.

Orbital's Antares team is targeting a launch time of 11:16 a.m., which is at the opening of an available 15-minute launch window.

Comment Deep Space yes, Outer space no (Score 1) 56

Both the Washington Post and the Original Poster apparently do not understand the difference between deep space and outer space.

The robotic probe, to study lunar dust, is the first rocket launched into outer space from the Virginia launch site.

From Wikipedia:

The first payload launched into orbit from Wallops was Explorer IX, atop a Scout booster, on February 15, 1961

Any orbit is in outer space, so the WaPo missed that one by almost half a century.

Comment Re:a few hours for one key would be good (Score 1) 236

It would be kind of OK if that was true.

But you are wrong, because they don't have the resources to keep ALL that traffic data. They get a LOT of traffic data.

In at least the UK they got a copy of all traffic going through a bunch of undersea cables and in Germany they basically get a port-mirror from certain transit providers.

So they have a computer to look at the data to find 'interesting' stuff.

Then they store it for up to a couple of weeks. Until a request comes in for some information and a human queries the data and looks at just a little bit. Anything that looks even remotely interesting will then be kept forever.

The problem is, what are these criteria that the computer and human are using to mark stuff 'interesting'? And don't say, it's just a computer. That computer algorithm is fed by a human too.

That is my problem with this.

There is a paper trail of the second part, but it is secret.

Comment Re:Tongue in cheek (Score 1) 129

I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; it's their only currency.

And the problem is... lots of people release crap credited to "good" groups.

Unless you've got access to the release servers, you're getting it through a third party. You can name any pirate group and I can show you malware-laden versions of their stuff as third parties decided to wrap the crap in other stuff. Or better yet, fake releases claimed to be by pirate groups.

Reputation matters. Malware authors know it and create fake files with the name of such pirate groups knowing people will distribute it for them thinking it's a real release.

In the end, unless you're in the scene and have direct scene server access, the stuff you get via torrents is just as questionable as the big guys' stuff because you can't tell the relation of the uploader to the original scene release.

Comment Re:Getting tired here (Score 4, Insightful) 236

I'm going to take a stab at empowering you.
We're in a long term fight for human freedom. Long term means you may have to influence people now who can just possibly help us, or at least you, ten or twenty years down the road. Pick people who are running for minor or local offices, and need a little help, whether it's contributions or getting out the vote or going door to door. You don't have to spend a fortune or put in fifty hours a week on top of your day job to be remembered as one of those people who helped congressman X get his start in politics.
Write letters - you'd be surprised how many seemingly major pieces of legislation draw two or three letters as they are up for debate, and how getting letters from as few as 10 or 20 people may make a congressman suddenly vote the way he now thinks the vast majority of his constituents want him to vote. Senators and Representatives may see 10,000 e-signatures on a stock electronic petition, but don't usually see even 10 actual letters. A letter thanking them for having done the right thing after it's over is even rarer.
Focus on the persons who seem like they have a good chance of making it to higher office eventually. Find out what a Farley file is, and make sure you end up in a few, in a positive way. Work on your spelling and grammar - An eloquent nutcase may be able to pass as a mainstream voter, but a mainstream voter who writes in all caps and spews sentence fragments can definitely say something eminently sensible and still be labeled a nutcase.

Here's a link for Farley Files. Politicians who make it to high office just about invariably use these, so it's always helpful to know about them. Learning to watch for signs a candidate uses the system is a way of spotting the ones who will go high enough they may someday be able to address issues like the NSA programs. It's also useful to consider in judging what a politician truly considers important rather than what he says in prepared speeches - that is, if he or she is using a file, what do they focus on.

http://en.wikipedia.org/wiki/Farley_file
