Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Other things which are probably true (Score 1) 85

Humans working in government are probably not listening to your unencrypted phone calls or reading your unencryped emails.

If you forgot to lock your front door this morning, a burglar is probably not taking advantage of the situation.

Even if you skip your dog's rabies vaccinations, it probably won't get rabies.

If you drive home drunk tonight, you will probably arrive safely, and without hurting anyone else or facing serious criminal consequences.

North Korea probably doesn't intend to nuke anyone.

If you run with scissors, you probably won't trip and accidentally stab yourself.

Comment Thank-Sothoth for China (Score 1) 475

Tip: search the 'net by SoC names. Maybe start off by googling "mtk 6577 gsm android" (if, say, you use T-mobile (GSM)). There are a few others but that's a good one to start with. Check out the phones' features and prices.

Here is what you'll find, which (imho) wasn't quite the case a couple years ago: the "subsidized" prices of the carriers' phones these days, is only just barely competitive! You don't need to accept a locked phone from your carrier anymore. You don't save money -- NOT EVEN [much] UP-FRONT MONEY -- by taking the deal. (And you definitely lose money, over the long haul.)

It is outrageous that assholes in DC say you're not allowed to work on your own computer, so by all means I still advocate repealing DMCA. But in this particular scenario, it's a nearly dead issue. Locked phones will be a thing of a past soon, I think.

Comment Re:Who loves USA (Score 1) 377

When you actually talk to the people there, like myself, you find NO ONE wants to be like the US. It's just that we're all too lazy and pissed (as in beer) to bother with politics.

So you hate the government and its policies but you are too apathetic or demoralized to do anything about it. I understand. Hey, you know who you sound like? Us Americans. You people are just like us. :-)

Comment Not a Microsoft problem (Score 1) 95

Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted..

I hate MS as much as the next guy but Skype was exactly just like that before MS bought 'em too. We never really knew how the key exchange works, and being locked into a single implementation of the protocol meant that one implementation could be doing other things independent of the protocol, so nobody has ever had any reason to suspect that it might be secure. It's got nothing to do with Microsoft or the change of ownership. Skype didn't get worse; it simply didn't get better.

Comment Re:WAIT A MINUTE! (Score 1) 514

This isn't a retroactive law; it's a retroactive not-a-law.

Pass a constitutional amendment saying "No law shall begin with the letter F."

Enact a statute: "Free pony for everyone!"

Hand out free ponies.

Take second look at statute, and the constitution, and then say "oops."

Tell everyone they each retroactively owe the government a pony.

It's pretty fucked up which is, of course, why we're talking about it. But it's not a retroactive law. It's a .. something else. Something fucked up, but not a retroactive law.

Comment Re:I Don't Get It (Score 5, Interesting) 377

They're doing it flagrantly because it's explicitly tit-for-tat. It's their way of pointedly asking "Do we have rules or not?"

Let's say you and I are sociopathic assholes, so whereas most people might have some kind of implicit social contract, and a sense of how people should act decently to one another, we're jerks and write up and agree to some formal rules. Among these rules are things like "Neither party will ever hit the other in the head with a hammer and then steal their wallet while the victim is incapacitated." Call that the WIPO rule.

We have another rule too. It's "Neither party will ever vandalize the other's car." Call that the WTO rule.

Then I go and vandalize your car, totally in violation of the rules. I don't deny it, either. Instead, I explain I had good reasons to do it. "I really wanted to vandalize your car, and it looked so vulnerable. I just couldn't help it!" but whether I had a good reason or not, you claim I broke our agreement. You might not feel all that hurt about the car, but breaking the agreement .. oh dear. We're sociopaths, but we're not uncivilized, are we?

After my amazing explanation for why I did it, you ask me: "Are you going to do it again?" and I answer "Yeah, probably. Your car still does look pretty vandalizable, and I really like vandalizing cars." You answer "What about our agreement?" and I just shrug. You ask, "Are our agreements important?" and I shrug again!!

You go see our mutual acquaintances, perhaps some people with whom I also have some agreements. They're a little concerned to hear I value our agreements so little. Will their cars be next? They think it over and say, "Yeah, Sloppy broke his agreement to not vandalize your car. You should get even."

So you do. You hit me in the head with a hammer and I wake up without a wallet. You do it openly, too. Our acquaintances nod with approval, even though you're breaking the agreement now. I ask, "How can you do that?!?"

You explain: if I think the rules are so important, and I have such a problem with being hit with hammers, THEN MAYBE I SHOULD STOP FUCKING AROUND WITH OTHER PEOPLE'S CARS.

I don't know what I'll do. I still really do like vandalizing cars. I'd like to vandalize your car again, and that other dude with whom I have a no-vandalize agreement. But I'm not sure I like this hammers development. OTOH, I don't know, maybe it's worth it. The hammers hurt and I don't like losing my wallet all the time, but the cars! Oh, the cars! That's so much fun.

Comment Re:This doesn't make sense to me (Score 1) 151

Not that we're anywhere close to terabyte flash drives.

I bet (literally, wanna?) we're within ten years.

I sometimes carry around an 8GB one, and it recently occurred to me, "Hey, this isn't really all that much bigger than the one I had in 2004. Huh. That can't be right. Wasn't that a 4GB one? Something doesn't make sense." Then I figured out my mistake. Can you guess what it was? I had the digit right, but not the unit prefix. 9 years ago, my "cool" new flash drive was 4 megabytes. This one (which is two years old and "obsolete" in some people's opinion) is two thousand times bigger. 32 GB ones are around, if I see those, that means 64 GB ones are probably on the market too. Shit, maybe I mean to say "within five years" without the pussy ten year hedging.

Comment Re:Kim Dotcom (Score 4, Insightful) 151

I was shocked to learn how much money this guy made the first time around...I suppose he hasn't learned his lesson.

Did the person who wrote the second half of that sentence, ever read the first part? Because the first part of your sentence says exactly what the lesson was, and Dotcom trying again is evidence that he did learn it.

Comment Re:so in other words (Score 1) 121

The reason this bullshit happens is that people are saying "the app" instead of "the open protocol." If Sony says "our camera let's you view and control wi--" interrupt and finish with "--with 'CamVNCp 1.0?'" and if they say anything other than YES then yawn and start walking toward next manufacturer.

If a 'feature' does not involved a documented (and preferably legal-to-implement) protocol then it does not exist. You can save thousands of dollars per year (and more importantly avoid annoyance/heartbreak) on useless gadget purchases by choosing this policy.

Comment Re:The moral of the story is... (Score 1) 107

I think what you meant to say is "If you want to be a suspected drug dealer or criminal, don't broadcast your location." And guess what: everyone is a suspected criminal.

It's almost as though so many people were suspected criminals from 1775-1789, that they banded together and forced a law to be made, to deal with government bullshit in regards to suspected criminals.

If we don't enforce such a law, then you're right: the next best thing is to close the security hole in the first place. Seriously, governments are pretty much the only entity that ever might respect a law that prohibits exploiting a security hole, so it's probably a good idea to close the hole anyway, thereby also solving the government abuse problem -- obsoleting the 4th amendment.

The kind of thinking is probably good news for my stalkee, who is .. a hot chick / John Lennon / a member of wrong race or religion or political party / insured by policies I underwrite / an advertising target / resident of a house I intend to burgle.

Comment Re:You are wrong. (Score 1) 299

[1 is complete lack of encryption, 2 is encryption with key that isn't signed by trusted introducer]

From a security point of view, 1 and 2 are equal, but then SSL is extra overhead and a false sense of security, so 1 is better

The attacker never knows for sure if the certificate has been trusted out-of-band, so their attack may be immediately detected since it might actually be a trusted cert. Sure, that's an unlikely scenario, but you'd be a fool to think that some people aren't doing it, trolling and waiting for some kind of mass-automated attack, which they will trivially detect. You can start testing the net today, trivially, if you think someone might be MitMing all self-signed certs.

Furthermore, the attacker never knows if the other side has stored the cert and will detect any changes (sort of like ~/.ssh/known-hosts). That means the attacker needs to start intercepting from the very first use of the key, and must to do it forever, or else they'll be detected. But if they have to do it from the very beginning, that's probably before they even know who is a person of interest and who isn't, and a massive attack to deal with that, opens them up to the "troll countermeasure" in the preceding paragraph. You can't fool all the of the people all of the time.

Unauthenticated encryption is vastly more secure than lack of encryption.

Anyone in a position to snoop on the traffic is in a position to redirect the traffic to themselves and provide their own self-signed cert in place of yours (give me an example of where this isn't true - there might be some but there won't be many!).

You're right that a defender must assume that's a possibility; I won't dispute that. But nevertheless, it increases the attacker's expenses and (largely, in some cases) increases the risk of them being detected. It can potentially manifest in every way from simple performance problems (e.g. coffee shop wifi is slower because someone is having to jam to keep you from getting the "original" packets) to too-many-people-knowing (e.g. it's hard to keep the existence of a whole floor in the AT&T building a secret forever).

You don't stop fighting evil simply because evil might win. You make it harder for them, which sometimes causes you to win. The burglar goes to the next house, even though, yes, he could theoretically cut through your iron bars. It's a pain in the ass to cut through them, and it takes longer, and someone might see it in progress, the owner notices the cut bars when he gets home, etc. It's so much easier and more profitable for the burglar to pick a different house.

On average, you win when you encrypt rather than not encrypt, even if you don't have good key exchange. And yes, of course it's even better if you do things right. But real life is always about degrees.

Comment Re:GET involved?! (Score 1) 383

I think you just described nearly every radio-related regulation, except maybe high-powered ones that potentially
involve cooking flesh or starting fires. ;-)

My point is that unless you're an ancient warlock who signs his letters with "Yog-Sothoth Neblod Zin," then you have never known a day in your life where government wasn't already neck-deep involved in regulating a vast host of radio-related details which don't involve protecting rights or improving public safety.

The lady and her thousandth customer are haggling over the price and you're saying she shouldn't get involved in prostitution. Right or wrong, your timing is off.

Slashdot Top Deals

You can tell the ideals of a nation by its advertisements. -- Norman Douglas