Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment Re:Layers (Score 1) 109

I think the idea here is to be able to say "hello world" to your Tor proxy, and have it communicate with the network such that "n" recipients get the message, but no one knows that you just did that, and definitely don't know what you just said. You don't know who or where those recipients are, you don't know anything about them, other than you're communicating with them.

If you imagine a way where I can tell you I'm on the Tor Chat Net - I don't tell you anything about myself, but instead I generate some sort of identifier that's unique between us - some sort of key that is only useful for the two of us. You do the same for me - now we have two different, linked and unique keys. This key is used to authenticate with the network, along with a password that's unique to each of us. The network then magically connects us together and we can communicate. You can't communicate with anyone except me using they key I generated for us.

The important thing here is that I don't actually know anything about you - I don't know your name, your location or your inside leg measurement or whatever. All I have is a "key" that I communicate with. Let's say we have a mutual friend - even they can't confirm that I'm talking to you, even if I give them everything I have because the keys they use to talk to you are different from the ones I use. Sure, if it turns out that you always sign off saying "ttfn - banana gribble aardark", then we could probably say with some certainty we were talking to the same person, but that's behavioural matching, as opposed to technical matching.

Since I'm very popular, I have a dozen people in my contacts list. I have to authenticate separately to talk to each one, and so I need a way to differentiate between them. Since you've never told me your name, I'm going to just assign the human-readable name " Slashdot Friday" to you. If you ever reveal that you like to be called GeekWithAKnife, or Derrek or whatever, then I could update my nickname for you, but otherwise, all I have is some made-up name that bears no resemblance to reality.

If the NSA get the magic key that you use to talk to me, then they need to authenticate to the network with it to use it. They'd have to rubber-hose your password out of you to be able to do that, but otherwise the key is useless. Assuming they get your password, they can of course impersonate you, and arguably get me to reveal that I live at 123 Fake Street. If they then break in and make a copy of my contacts list, they can't actually be certain that you and I communicate with each other - it's not like they can just match up the keys. They'd have to rubber-hose my password out of me and then authenticate and actually see the communication working between us to be able to prove we're able to talk to each other - all that still doesn't prove we actually have been chatting though (much less what we've been talking about).

This honestly does sound like it's very cool indeed. It opens up a whole world of questions and new challenges to get over though - not least because bot nets will use this to communicate rather than anything more traceable. Making sure you're talking to the person you think you are is going to be the biggest hurdle. Arguably this has always been the case, but until this we've always been able to skip over a lot of the details and go on trust for a large part of that identification step. Not so when it's as anonymous as this would be.

PS. I thought the Snowden leaks showed that the NSA couldn't break Tor per-se. There have been cases of people being identified even though they're using Tor, but not because they were able to trace the communications to them, but rather that they gave themselves away in some other form.

Comment Re: and what about the welfare for the people auto (Score 2) 216

So we need less reliable hardware so that plenty of people have jobs...? We need to kill off the trains so that truck drivers keep their jobs? ;-)

It wasn't so long ago that the computer (word processor) put hundreds of typists out of work. Email put hundreds of post-room workers out of a job. Yet still, we don't have vast settlements of out of work typists and posties.

I don't know what the future holds, or how we'll deal with it. What I can tell you is that during the Industrial Revolution here in the UK, the world seems so unbelievably scary that the majority of the working class were absolutely pickled on gin.

My point here is that sure, there were less people required to work in the fields than before, and sure, some of them were out of work. However, where formerly there been little market for gin, suddenly there was a massive market for it. Whilst I doubt there'll be truck driver jobs for long, there'll be some other spin-off job that will take off. The net is still less people in work, but some people who are pretty lowly today will suddenly find themselves getting rich. Those rich people will need something, and so the cycle goes on.

Comment Re:It doesn't matter. (Score 1) 180

Literally 10 seconds of googling found this: https://www.osha.gov/dts/hib/h...

When I did some RF stuff at college, they talked about the possibility of a spark coming off a (high) power antenna if various other factors all came into play at the same time (intuitively it makes sense - you've got a whole lot of energy in the antenna, which you're providing an easy release for). I assume it to be true, although I've never seen it (because I don't do any RF work to speak of).

I'd imagine that way-back-in-the-day, the first generations of mobile phones were literally hand-held cookers. There was some story where some BT engineers were going a bit doo-lally and it was supposed their phones were the cause. I don't know if that's true, but I do know that modern phones use a lot less power than their older counterparts, so I presume the risk of sparking to be as good as zero these days. I still wouldn't want to find out I was wrong in the presence of petrol fumes that ignite rather easily though.

As for this study, it's really saying exactly what we expect them to say. There was no way a 'proper' study was going to say there was any risk using a phone. As I say though, I'm rather glad I didn't have one of the first generations of phones - I seriously doubt they were safe in the longer term (and no, I can't prove it).

Comment Re: Why is anything accessable on the internet reg (Score 1) 248

Both wrong.

If the book contains obviously non-public information, then, as soon as you realise this, you're not allowed to read any further, and you're not allowed to re-publish any of it, and you should notify the home owner of the problem. This guy didn't do any of those things, even though he knew the files to be non-public, that's why they prosecuted him.

If he's downloaded a bunch of files, read them, and then told the agency that these files were publicly accessible and that he'd deleted the copies he had of them, he'd have been just fine. He knew they were non-public, but decided to make them public by republishing them. That's what made him a criminal.

One could argue that had he done the right thing, they'd have come after him anyway. That may be true, and one would hope that he'd be acquitted rather rapidly with the prosecution given a strong ticking off by the judge. I doubt it would be quite as happy and rosy as all that, but at least this guys would have had morality on his side.

Comment Re:No you're not, but.. (Score 1) 158

I don't really care who wrote it, but I do care who spec'ed it, who tested it and who's got plenty of money that they don't want to lose when it goes out to the public.

The point here is that you can actually have an out-sourced programming goon from elbonia write the code, or you could have the genius aliens from the planet Zod do it for you. You still need to test it actually works. Since you can't trust a vendor to test their stuff responsibly enough, you have to have anti-vendor weapons, like being able to strip them of their money/assets/etc when they make a mess of it. You could have a third party do the testing (like government regulators), but they tend to be pretty inept and a lot less accountable.

As for whether everyone should code or not - everyone should, just as everyone should learn to speak in a second language. You don't need to become fluent and able to blend in any situation, but having a passing knowledge of it makes you a more rounded person, and thus more able to think in different ways as the situation demands. Whether or not you actually do any coding or not in your future life is largely irrelevant.

Comment Cedexis (Score 1) 213

Sorry if this looks like I'm a shill...

At $werk we had a company called Cedexis come in to see us. They have a service where they 'ping' their customers infrastructure from end-user's web browsers. The idea being that $user on $provider hitting $cloud gets different service levels for different values of $provider and $cloud (where $cloud can be anything, including your own datacentres). Thus, if $provider == Verizon, then maybe using MS Azure is better than AWS. If that was the case, then Netflix could use Cedexis to automatically route Verizon customers to Azure at the times of day when Verizon do their throttling, whilst leaving everyone else on AWS. It's actually possible to see what they would be doing for you right now on their website (they publish the core data publicly).

I realise this doesn't solve the problem, but it works around it. Solving the problem means telling Netflix their service sucks and you're leaving, whilst doing the same to Verizon. Once Netflix starts hurting, they'll start lobbying, and once $other_provider starts doing better than Verizon, maybe they'll rethink their approach. Maybe.

Comment Re:Conspiracy to speed (Score 1) 457

Just be be pedantic, it's more like telling a drug dealer "flush your stash because a cop is coming". Telling other people to slow down reduces the amount of crime taking place, and thus the danger on the roads. Simply hiding your stash doesn't reduce the amount of crime taking place - just the amount of detection.

Comment Re:Slashdot! (Score 1) 361

I'm amazed it took so long for someone to mention /. My first thought when reading this was "please do our market research for us".

I wouldn't pay for /. as it stands. I come here for 'infotainment', which I can happily get elsewhere, although maybe not in such a succinct form. /. lacks any really grab-you-off-your-chair news that I can't possibly live without, and lacks the editorial quality to ensure that the normal float of news is well curated. /. is a news aggregator, and so will never 'break' news as such. Paying for /. just pays for crap editors to do a crap job. Curiously, much like some "real" news outlets.

Taking The Guardian (as some people above have highlighted it) as an alternative. Here you have actual investigative journalism, and not much fear when it comes to sticking on in the eye of various governments. I'd pay for that, but I don't want to pay for the day-in-day-out stuff they do in between times.

I don't know what the solution is - maybe it's micropayments, or maybe it's a whole new way of doing news (maybe something slashcode based, but actual articles not aggregations?). Either way, paywalls aren't it.

Comment Re:slashdot... (Score 2) 347

...and yet, it could have been a nerd story, if only they'd have given up a bit of bias. I don't eat from the super bowl, but I'm lead to believe that Goldieblox advertised on it: http://techcrunch.com/2014/02/...

Surely engineering/tech toys for girls *is* news for nerds? Why on earth would you run a story about advertising on the super bowl without mentioning it, not least because it didn't cost them millions to put on.

#slashdotsucks

Comment OSM - Maps+ (Score 1) 118

I checked out OSM after the last /. story on the subject after years of forgetting about it. I checked out where I live (a small village), and sure enough there were some crazy errors (eg. a circular road not connected to any other - I'd love to see something like this in real life!), but a couple of minutes with the mouse and they're all fixed now. I also added in some extra detail I happen to know quite well.

What I'd like to see is what my TomTom and g-maps and as far as I know everyone else lacks - I'd like to add some meta to the roads. For example, a road might have a 30mph speed limit, but it's got mountainous speed humps every 50 yards, so it's a really crappy cut-through. Roads near me often lack pavements - that could be really handy to know when I'm out running, or taking the kids out in their push chair (or in the future, on their scooters, roller-skates or whatever). Single track roads can either be easy or hard to drive down - if there are lots of good sized passing places that aren't a matter of trying to put your car into an overgrown hedge, then it's easier than those roads that have high hedgerows either side and very few passing places. I could go on to poor visibility junctions, blind corners where people driving in the opposite direction always seem to be in the middle of the road, and countless other phenomena that would be really great to know about on a map. I'm sure you get the idea.

So anyway... I've told the Internet what my wishlist is. I dare say it'll all be implemented by the end of the week ;-)

Comment Re:Smurftastic! (Score 1) 144

> the more you understand how good these guys are at spycraft

Actually, I disagree - they're not targeting very well at all. If they were going after specific individuals, whom had been selected by some proper surveillance and intelligence gathering then I'd say they were really good. As it is, they're just a very large version of 'grep'.

I'll bet I can find a terrorist if you give me every email and text message ever written and the details of every Angry Birds game ever played. The only difference between me and them is they've got virtually limitless amounts of money and don't have to worry about getting caught.

Slashdot Top Deals

"Little else matters than to write good code." -- Karl Lehenbauer

Working...