Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Re:Why do we even go to these orgs anymore... (Score 2) 169

Because the US government has requirements about what it accepts.

You can't just implement whatever algorithm you like, then sell a router with that to the government. It must comply with whatever standard the government decided to adopt. And given that the government buys a lot of things, it wouldn't make economical sense to make equipment you could never sell to them.

This snowballs, and effectively sets a global standard for encryption. Sure, in your home you can do whatever you like, but the important thing is the security of the internet as a whole, and all of that is made of hardware and software that wants to be able to be used by the US government, and as such must support whatever standard it decides to adopt.

Comment Re:Illusion of privacy (Score 2) 224

It's got nothing to do with the private key.

NSA goes to Verisign (for instance). Says "please sign our key for google.com". Verisign signs it. NSA intercepts traffic between google.com and you. Browser deems cert as valid, as Verisign signed it, and you seem to be connecting to google.com.

The CA system is weak because so long the connection is signed by a CA in the browser's list, the browser doesn't care which it is, even if it changes on a daily basis. If you can convince any CA in the list to sign what you need, you have a way to set up a MITM attack the browser won't warn you about.

Comment Re:Illusion of privacy (Score 1) 224

The important thing isn't Google's servers, but the Certificate Authorities.

All that the NSA has to do is to get some CA to emit certificates for Google's domains. Then they can easily place themselves as a man in the middle, and the user won't notice.

No access to Google's servers necessary, then.

Comment Re:We owe our thanks to Mr. Snowden (Score 1) 366

That was in 1975. The NSA that did that isn't necessarily the NSA that exists today. Just because they did something good nearly 40 years ago, dosn't mean they have anywhere near the same ideas now.

Internal priorities, people with the ability to push their agenda, and external factors can have easily changed in that time. Hell, most of the people from back then are probably dead by now.

Also, while they did make it stronger against differential cryptanalysis, they got the key length reduced, which means that today, DES is terribly weak, and 3DES is needed to patch it up.

This fits in quite nicely in what you say though. The thinking might have been that differential cryptanalysis makes cracking much easier, but a reduced key length would still require NSA-sized resources to break.

Comment Cool, but not as awesome as the headline says (Score 3, Informative) 85

This is for positioning satellites relative to each other. The applications are things like telescopes made of several spacecraft to create a mirror larger than what is practical to launch in one piece.

But this isn't an engine that will allow a satellite to stay in orbit without fuel. They still need a traditional engine with propellant for everything besides adjusting the distance between nearby satellites.

Comment Re:Do you think that will make any difference? (Score 1) 413

> What harm comes from a corporation moving its servers out of the U.S.?

Economic harm to companies providing hosting in the US. Which are generally large companies with lobbyists that can affect US politics.

> Vote the fuckers out that approved this nonsense and reform the system back to what its mandate is/was supposed to be!

That would be lovely, but doesn't work for people who run servers in the US, but aren't US citizens. The only way we have to push the US government around is indirectly like this.

Comment Re:Do you think that will make any difference? (Score 2) 413

Anywhere else, really.

Europe seems to take this stuff a lot more seriously.

But that's not really needed. What's needed here is to put pressure on the US government, and pulling business out of the US will do just that. Even if the net is still being spied on, enough harm to US corporations will get the lobbyists' attention.

Comment Re:Ok then TURN IT OFF! (Score 2) 290

I don't want to turn it off. I want not to have it. I want it this way so that I can't possibly be counted as part of the TPM market share.

Besides, once it's there, it's trivial to remove the option to disable it, so the option likely won't be stay there for long, once it's widely distributed enough.

Comment Re:America needs to own up to its mistakes... (Score 4, Insightful) 531

No, I think America is pretty apt here.

Obama isn't the dictator of the US. Congress, lobbyists, the NSA and other people are also at fault here, as well as the general population for not being vigilant enough. This sort of thing doesn't happen just because Obama wants it, other people have to agree.

Comment Tepco is suicidal or insanely stupid (Score 4, Insightful) 163

In principle, I think nuclear power is a perfectly sound idea that can be implemented safely and reliably.

But that's in principle. In practice somehow it turns out to be managed by complete morons that even after getting involved in the center of a huge scandal, still manage to show amazing incompetence and disregard for public safety, even when they know perfectly fine that the whole world is paying attention to them, and is already extremely distrustful.

And this state of affairs doesn't do their own industry any good. It's precisely crap like this what results in the replacement of nuclear with coal.

Slashdot Top Deals

After an instrument has been assembled, extra components will be found on the bench.

Working...