Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Name Names (Score 2) 650

The Senate Appropriations Committee supposedly did this unanimously so not a single one of these people can claim it's not their fault:

CHRIS COONS - Delaware
DAN COATS - Indiana
JACK REED - Rhode Island
JEANNE SHAHEEN - New Hampshire
JERRY MORAN - Jerry Moran
JOHN HOEVEN - North Dakota
JON TESTER - Montana
LINDSEY GRAHAM - South Carolina
MARK KIRK - Illinois
MARK PRYOR - Arkansas
MARY L. LANDRIEU - Louisiana
PATTY MURRAY - Washington
ROY BLUNT - Missouri
THAD COCHRAN - Mississippi
TIM JOHNSON - South Dakota
TOM UDALL - New Mexico

But maybe this was one of those "voice votes" where it wasn't really unanimous. It's being reported as unanimous, though, so the disgraced need to issue press releases disclaiming responsibility immediately, if they want to squirm out of this. I live in NM so I blame you, Tom Udall. Explain yourself.

Comment Re:High risk (Score 1) 390

You'd have to avoid anything with obvious wireless access, which means no lock/unlock/panic/remote start systems, and likely not even a car radio since many are on the bus as well.

Ok, you've sold me. I wouldn't miss a single one of those things. Would you?

Comment Re:Obligatory (Score 1) 227

It is, if you then disconnect half of it and move it offsite! I'm not sure that's the best way to do backups, though.

If I were this guy, I'd look into why it takes rsync so long to read the dir tree. This is one of those situations where no matter how much people say "Linux filesystems don't suffer from fragmentation," I nevertheless suspect you're suffering from highly fragmented directories. Let me guess: do you repeatedly come close to filling the disk? Maybe it's time to do this: after the next rsync, destroy your original with a new mkfs.whatever (I hope you have at least two backups) and then cp the data back to it.

Comment It's a start on addressing 10% of the problem (Score 1) 362

Reigning in rogue agencies isn't the answer to the security problem. By all means reign them in, but merely out of civics and saving tax money (our government should be working for us, not against us; all this money being spent on NSA computers could be spent on crack instead, for a net economic gain).

Yet the NSA is merely one (possibly the biggest and most powerful, but still just one) potential adversary out there. Everything they do, someone else could do. And not all adversaries are parts of your government or in any way accountable to you. We have to secure our communications, or else all of your NSA fears (whether currently grounded in reality or not) will eventually come true, but with some other name filled into the bogeyman blank. Please, after we deal with the NSA, let's not go through all this again and again. Can't we learn?

Geez, you could even argue that if we secured our comms, then foreign governments would be less of a threat to us, and the NSA's non-secret agenda would become less necessary. You don't need (quite as badly) the NSA reading the Chinese government's mail, if you start denying the Chinese government the ability to read your mail. In a way, by going to all this extra trouble to make ourselves vulnerable to snoopers, we (at least to some extent) justify the NSA! That's stupid. Even if you think the NSA is necessary (and it probably is!) the goal of all government should be to obsolete itself.

So, NSA guys, I'll at least say this: thanks for the great ciphers. Was this your plan, all along, for persuading us to use 'em? Am I going to read some day, that Clapper ordered Snowden to do what he did? ;-) I don't think it's working, but thanks for trying.

Comment Re:Please Also Note (Score 2) 148

CALEA also requires that encrypted communications be decrypted.

True, within limited context. CALEA requires that the communication providers and equipment decrypt. If you can communicate with general-purpose equipment and networks (e.g. PCs and the Internet) where your software handles things, there currently isn't any law in the US which require it be decrypted. That is why the government wants a "CALEA II," to make it illegal for people to write or use secure software, such as ssh or gpg.

The reason Skype isn't legally allowed to be secure, is that Skype software completely relies on the Skype service, and the dedicated service both falls under CALEA and and has a single point of pressure (currently: Microsoft). If the service were something generic (e.g. use any XMPP server) and replaceable, and if the client software handled the security, then CALEA wouldn't apply. Beyond CALEA itself, governments and other powerful entities can use force against software makers, so just make sure: 1) your software is not single-source; effectively this means it needs to be Free Software 2) it uses generic networks, and the software secures things at the endpoints rather than relying on the service to magically apply security (which is hilarious when you think about it).

Skype's security problems reminds me a lot of some basic strategies for computer freedom in general. While Free Software and standardized services are usually preferred because they're most likely to not work against the user' interests (and if they do, it's almost never deliberate), there actually do exist situations where a proprietary service or application may be fairly safe. The trick is to never, ever use a proprietary application with a proprietary service, combined. As long as one or the other can be replaced, you have a means of keeping the overall system "honest" and responsible to the user.

So while, for example, the iTunes application may be a rather shittier-than-average media player, it's actually fairly safe to use it as a player. Just don't use it with the iTunes store or you're risking getting into a single-source trap. Or if the iTunes store were to opens its protocols so that other applications could transact with it, it would be just fine -- just don't use the iTunes application with it. Similarly, nearly all websites are effectively proprietary (e.g. they're not running GPL3 code) but that's totally not a problem, because your Firefox or Chromium or Konqueror lack special code to screw you over, by for example, locking you into any of these websites (or, say, by leaking session keys to third parties).

The problem with Skype is that you can't use it without the Skype network. And you can't use the network without their app. Together, it adds up to an application and network which are nearly useless, because you'll never be able to trust them. CALEA is almost the very embodiment of the general problem, written into law (!) and limited to the domain of communications. You can see echos (but they're not quite as clear) of the same user-screwing idea written into other laws applying to other domains. e.g. DMCA, which is used to tie proprietary content to proprietary players, keeping users from being able to legally do things the right way (i.e. retain the capacity to "fire" their player or provider).

Comment NSA is not a special case (Score 1) 290

Whatever concerns anyone might have about the NSA, however you think they could have possibly spied on you (whether they bothered or not) your lack of security means there are a thousand other parties just like them, to whom you're just as vulnerable.


If you're worried about the NSA, and I'm not even saying that's dumb, then also worry about the Chinese, the Russians, the kid next door, and Nigerian spammers. Your plaintext is as equally visible to anyone who wants to read it. OTOH if you have your ducks in a row, then the NSA is totally confounded. That is, unless someone has already been waving that $5 wrench at you. But if that's the case, then you already know about it so the issue is moot.

Comment Re:The F-35 is not the problem (Score 1) 270

The F-35 is not the problem. There will always be people lining up to fly the newest, hottest fighter. The problem is finding pilots for slow, unarmed, propeller-driven cargo planes on the milk run into Kabul or Basra.

How are they doing on their quote of people flying a cargo plane full of rubber dog shit out of Hong Kong? Or is that more a Navy specialty?

Comment Re:F35 and F22 (Score 1) 270

Now the A-10 is a plane that should never have be retired. It WAS the primary defense against a Soviet Invasion of western Europe

The A-10 is still in service, and won't be retired until 2028 at the very least. I predict it will be the C-130 of fighter/attack craft, just like the C-130 is the Energizer of cargo planes. Just keeps going and going and going...

B52s laugh at these silly newcomers to the flying game.

Slashdot Top Deals

The "cutting edge" is getting rather dull. -- Andy Purshottam