
Comment How to escape being compelled to decrypt your data (Score 2) 318

I mentioned this a few years ago and will mention it again. This is how to legitimately say that you can't decrypt your files, even though actually you can. If your laptop is seized and they want you to decrypt the TrueCrypt drive for them, do the following. (Yes, I know TrueCrypt is no longer supported; assume you're using the next-to-last version before they pulled it from the market.)

Agent: "What's this encrypted drive?"
You: "It's for work. It's confidential."
Agent: "Well, decrypt it, please. What's the password?"
You: "It's not just a password, it needs a keyfile."
Agent: "Well, type in the name of the keyfile."
You: "The keyfile's not on this computer. It's on a USB stick."
Agent: "Well, where's the USB stick?"
You: "I'm on vacation, so I didn't bring it with me." (Or, on a business trip: "I'm not working on that project at the moment, so I didn't bring it.")

And everything you say may even be true. So they can still seize your laptop, but good luck to them decrypting it.

However, the secret is this: the keyfile is actually a simple file that you can reproduce from memory. For example, on the actual USB stick, if you choose to actually make one, might be a 1 MB file with random data called "JohnSmith.key"; and also another file called "keyfile.ref", which contains the text "/mnt/media/usb/JohnSmith.key" (or "E:\JohnSmith.key" if more appropriate for your operating system). The secret is that the second file, the tiny one seeming to contain a string that points to the 1MB of gibberish, is itself the keyfile. You might even choose to keep this small file on your laptop drive itself.

In summary, two elements allow this scheme to work: your knowledge of which file is actually the key file, and the plausible denial of your possession of this file because it's supposed to be on detachable storage which you don't have with you.

Maybe if they see that they can't force you to supply a password, they won't "keep you in jail for a while."

Please help refine this by pointing out shortcomings of this scheme.

Comment Can I patch my Win7 without "upgrading" to Win10? (Score 1) 105

Agree! I am trying to decide whether to allow Windows Update on my precious Windows 7 laptop which I finally bought for work after having been subject to Windows 8 crap (I'm trying to avoid the freshly-crapped Windows 10 with which one co-worker was saddled). Never thought I'd ever actually type the sequence of characters "precious Windows" in my lifetime, but after a lot of looking, I found a laptop Dell was selling that still had Windows 7 (Dell Vostro); it comes with a "Recovery CD-ROM" that installs Windows 8, so if my Windows 7 installation ever craps out, I'll have to be dragged screaming and kicking back into the Windows 8+ world.

As soon as I got wind of Microsoft's "We'll upgrade you to Win10 for free! Whether or not you like!" scam, I disabled Windows updates. Now I have to figure out whether I want to get Win7 updated to protect me from this vulnerability, and risk having the entire system turned into a Win10 system. :sigh:

Comment Oh, Adblock+ can block Youtube ads? Thank goodness (Score 1) 97

Oh, I didn't realize Adblock+ could block Youtube ads. I thought Youtube would just serve up a video file that had the ad tacked to the front, but of course I should have realized from the conversation about skipping after 5 seconds that that was not the case. Google would of course send me a customized ad after identifying me from the millisecond timing in my keystrokes typing in the search field, and tailoring the ad to the colour of the sprinkles I use in my ice cream. Hmm, that makes me even more grateful to Adblock+.

Comment How come I see no ads on Youtube? Enlighten me? (Score 1) 97

I don't see the ads. I'm not sure why. Can anyone shed any light on this?

I watch with Firefox on Kubuntu 14.04.

Now, a lot of videos I grab via youtube-dl, which would explain no ads, but the ones I watch directly don't have ads, either. Generally these are shorter videos (under 10 min), but occasionally I'll watch 1-hour videos (e.g. BBC nature documentaries) and there won't be ads.

There are ads when my wife does it on her Mac. I was really startled to see them and thought that it was just for that video, but apparently the ads are everywhere.

I don't think it's just the type of video, as I watch everything from DIY advice to vlogs to stuff from BBC to Lego stop-motion animations.

Anyone else have no ads?

Comment So, what competitors to Amazon are there? (Score 1) 180

Even then they're not always the lowest-priced vendor. Unless it's something relatively trivial, I do shop around - lots of places either match or beat Amazon's pricing with free shipping.

This is a perfect time to ask: so, what are alternatives to Amazon.com? I know for music there's SheetMusicPlus.com, and also this Jet.com thing keeps stuffing our home mailbox with junk mail. NewEgg for electronics. And the "Clicks & Mortar" stores Walmart.com, Target.com, etc. (This is on the USA West Coast.) Anything else? Any other experiences? Does Alibaba.com ship overseas?

Comment This is how we can combat Big Brother surveillance (Score 1) 107

This is, actually, the key to fighting constant monitoring by the NSA and other three-letter agencies, I believe: generate a lot of spurious data, too much for them to store, much less analyze.

If I kept sending email of 10 MB files (I know, that's small nowadays) which were randomly generated and had no meaning, and then erased them once they reached the other side (e.g. maybe a different email account of mine), then that's no skin off my back since I know I shouldn't care. Any monitoring agencies, though, would want to store it for later analysis (good luck!).

In other words, I consume relatively few resources while any snoopers would have to consume relatively many.

If I sent such a file once an hour, the government would have to devote a lot of resources to trying to figure me out. If we all sent such a file once an hour, say with a Firefox extension or something (it doesn't have to waste too much bandwidth -- send it to some cooperating fellow on the same ISP subnet, let's say), then I'm pretty sure we could put a serious dent in the ability for Big Brother to monitor "everything".

Comment Agree! Win8/10 = crap. Here's how I got Win7 again (Score 1) 360

I had similar bad experiences with my work laptop, until I could get Windows 7 on a new laptop.

I was with a small workplace and given a laptop for work, one of those cheap ones you get at the local electronics store. It had Windows 8, a whole host of preloaded crapware, and was incredibly clumsy.

When I complained, I was given a small budget to get my own laptop. I got a refurbished Lenovo Yoga, one of those two-in-one things that could fold back the screen completely on itself, and pretend to be a tablet if you ignored the keyboard on the back. Conceptually great, but also came with preloaded crapware, the biggest of which was this monstrosity known as Windows 8.

Moreover, there was a big problem for people like me who needed to close up the laptop, tuck it under my arm to walk into the next room, and open it up again without the laptop powering down.

If you held the laptop the wrong way up, the software would detect that you had rotated the screen, try to act like it was an iPad, and turn all the windows 90 degrees, squeezing them into the now-narrower-and-taller screen. The windows would get narrower to fit, but wouldn't grow taller to take up available space on the screen. It also took about 2 seconds for the software to realize that gravity had changed direction. The upshot was that when I walked into the next workroom, sat down, and opened my laptop, the windows would be sideways or upside down for a few seconds, and then rotate to the correct orientation but not size. I actually had to write an AutoHotkey routine to resize windows.

I tried to install Linux on these. I was able to boot from flash USB drive and install, but it would not naturally boot the installed Linux without the USB drive. It refused to boot GRUB and give me a boot selector.

I bemoaned the loss of Windows 7 (which is still a Microsoft product but a lot more predictable and came before the Let's-Make-Windows-A-Tablet-GUI era) and the ubiquity of crapware, until I was given a slightly higher budget to get a Dell laptop after bitter complaining.

Lo! and behold! The Dell Vostro small business laptop was available with Windows 7! It had no crapware, and the BIOS not only allowed but actually defaulted to legacy non-secure boot which allowed me to install Linux. (Some of the BIOS settings actually mentioned Linux: "such-and-such a setting should be used for Ubuntu", the BIOS said.) The Windows 7 must have been through some loophole, because this Dell laptop comes with a "recover disk" for Windows 8 and not Win7 (even though the computer comes with Win7 installed). It comes with a "generate your own recovery disk" software so that you can restore Win7 -- I guess somehow Dell's not allowed to provide a Win7 disk.

I am so happy that I can actually take shelter under Windows 7 and hopefully ride out the Win8/Win10 crapfest until something reasonable comes along. I swear if Linux had anything like AutoHotkey, I'd stop using Windows altogether.

Comment people (like me) ask smartphone questions often (Score 1) 44

Not once have I ever witnessed a person walking down the street and ask their phone a question.

I have never done that, but it's mainly because I tend to drive more than walk, so I agree with parent in addressing GP's point. In the car, I ask questions of my phone all the time, and it's not even Siri; it's an Android device that I snagged for less than US$70 (HTC MyTouch). Often when my kid asks a question, like "Daddy, when did Pompeii get buried?", we seize the moment and find out right away rather than waiting to look it up when we get home. I firmly believe that this ability to get information on the spot (which you couldn't do if you had to type in the web query on the smartphone) accelerates the development and intelligence of society as a collective organism. In other words, it's good for everybody.

Disclaimer: I still don't know what Cortana is, and I still plan to get the Neo900 when it comes out.

Comment send gobs of meaningless data for them to surveil! (Score 1) 123

The person I was responding to said that it was hopeless because it's practically impossible to avoid targeted surveillance of sufficient scope by the NSA. I said that this didn't matter because targeted surveillance is not the problem, mass surveillance is.

This may or may not be a bit off-topic, but deals a bit with planting the seeds of making it somewhat harder to monitor/decrypt your computer communications stuff.

The issue here is not that someone is watching you now because you are doing Something AntiGovernment (synonym for "Evil"), but that someone is vacuuming up everything you do, and then later when you decide to do something Evil, they will go back to their massive records and check out what you previously did.

It would be nice to have a scheme to:
1. interfere with your ability to record and decrypt everything
2. have an unbreakable code for communicating with other people

Since they vacuum up everything, let's give them stuff to vacuum up. I think I'm going to post a lot of stuff in my gmail account or hosted filespace, big gobs of files that are just random data. Ha! Let them decrypt that! I might create a TrueCrypt volume or two, and then stick that on the web. If everyone did that, the TLA agencies might drive themselves nuts trying to figure out if those files meant anything or not. I might even name the files "LatestPopularHits.mp3" or "PiratedPornVideo.mov" and dangle it in front of the latest MAFIAA antipiracy dogs.

One nice thing about having files of random gibberish on the web is that they make great one-time pads for encrypting. It's already out there, so you and I can just agree on a certain file that's on Rapidshare or something, and we can use that to encrypt; conceptually, it could be as simple as a bitwise XOR with the random file. To guard against the NSA just trying every single file on the planet for a key (I wouldn't put it past them), we could even say, "Our one-time pad is the first 123kb of File A, plus the second 456kb of file B."

So, start dumping those gobs of random data onto the web! You could even email large amounts of random garbage to a dummy email account, and then delete it, thus costing you no more than negligible bandwidth, while the GMails and NSA's out there try to record an accumulating pile of useless garbage that no longer exists anywhere except in their own archives.

Screw all this surveillance. Screw Big Brother.
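The pad-from-file-slices idea in the comment above, as an added example that is not part of the original post. The names `build_pad` and `xor_bytes`, the reading of "kb" as 1024 bytes, and the reading of "the second 456kb" as the second 456 KB block of the file are assumptions; the two "files" are random bytes constructed inline. It also shows what happens when the same pad bytes are used for two messages.

```python
import os

KB = 1024  # assumption: the comment's "kb" read as 1024 bytes


def build_pad(segments):
    """Concatenate (data, offset, length) slices into one pad.

    Raises ValueError if a slice runs past the end of its source, so a
    truncated file cannot silently produce a shorter pad than agreed.
    """
    pad = bytearray()
    for data, offset, length in segments:
        if offset < 0 or length < 0 or offset + length > len(data):
            raise ValueError("segment runs past end of source data")
        pad += data[offset:offset + length]
    return bytes(pad)


def xor_bytes(message, pad):
    """XOR message with pad; the same call encrypts and decrypts."""
    if len(pad) < len(message):
        raise ValueError("pad shorter than message")
    return bytes(m ^ p for m, p in zip(message, pad))


def demo():
    # Constructed stand-ins for "File A" and "File B".
    file_a = os.urandom(200 * KB)
    file_b = os.urandom(1000 * KB)
    pad = build_pad([
        (file_a, 0, 123 * KB),         # first 123 KB of File A
        (file_b, 456 * KB, 456 * KB),  # second 456 KB block of File B
    ])
    msg1 = b"meet at the usual place"
    msg2 = b"bring the spare laptop!"
    c1 = xor_bytes(msg1, pad)
    c2 = xor_bytes(msg2, pad)  # same pad bytes used a second time
    round_trip_ok = xor_bytes(c1, pad) == msg1
    # Reuse cancels the pad: c1 XOR c2 equals msg1 XOR msg2, with no
    # pad material left in the result.
    reuse_leaks = xor_bytes(c1, c2) == xor_bytes(msg1, msg2)
    return len(pad), round_trip_ok, reuse_leaks


if __name__ == "__main__":
    print(demo())
```

Each message therefore needs its own unused stretch of the agreed pad, which both sides have to track.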

Comment Is FitBit *TOO* accurate? (Score 2) 128

I have a FitBit, I also have a smart phone with the FitBit app on. The smart phone has motion sensors and data collection ability.

The FitBit is a lot more accurate

I'd like an opinion from you as a FitBit user (or any other FitBit users out there)...

Yes, FitBit's advantages include the fact that it follows you everywhere since it's more easily worn anywhere, including the shower nowadays for some of the newer models.

I got a FitBit as a gift for a good friend of mine. She was appalled by how it asks for permission to send very private info, and was really hesitant about starting to use it. (And I thought *I* was the one always warning people about society being apathetic about the insidious encroachment of privacy by software!) I did some digging and found articles on the web noting that "Ira Hunt, the agency's chief tech officer, had this to say about fitness bands: 'What's really most intriguing is that you can be 100% guaranteed to be identified by simply your gait - how you walk.'"

Also, apparently FitBit asks for permission to access your Contacts info on the iPhone, purportedly just so it can contact all your friends who own FitBits and tell them how excited you are to have gotten one.

Would it be true that, with a smartphone app rather than a purpose-built device, you'd have more control over the privacy settings and what the fitness program does with its data? At least, presumably, there would be a choice of apps and you could choose one that is less invasive of privacy. I don't know because I use a Linux(Maemo)-based phone and don't have access to the wonderful world of Android/iPhone. Any comments in this regard would be appreciated.

Epilogue: My friend started to set up her FitBit but got scared enough about her privacy that she decided to return it. Concerned about the company harvesting her data after she returned it, she hid it in a place for two weeks to guarantee that its battery would run out before she returned it. (Not sure if this is the way to do it.)

Comment hash a simple pre-password for a strong password (Score 1) 223

This is a reply not just to the comment from amxcode but the GP post from ColdWetDog.

A random-seeming password doesn't really have to be random, and thus you don't have to rely on someone else's software to keep track. You can generate a long password by hashing a short, easy-to-remember "pre-password" that only you could guess.

For example, you can decide that your personal password-salt is "ColdWetDog", and the pre-password for your Amazon login is simply "amazonColdWetDog". (And the pre-password for your bank would be "bankColdWetDog".) Then you hash it with MD5 (or SHA-1 or RIPEMD-160 if you don't like the collision vulnerability of MD5, though in this case it doesn't make a difference). The result is a long string, and you can take the first n bits and use that as your password. (Yes, MD5 only generates hex digits, so accumulate it into base64 to make them ASCII characters.)

And, boom!, there's your big long pseudorandom password that you can use no matter which operating system you switch to, without having to worry about any password app from some app store.

My own password manager is a text file encrypted with OpenSSL. It's not just that I am paranoid about password apps someone else wrote; I also need it to work on multiple platforms. Write your own; it's not that hard.
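The derivation described in the comment above, written out as an added example that is not part of the original post. `site_password` follows the comment's single fast hash; `stretched_site_password` is a variant added here, using PBKDF2 so that guessing the memorised phrase offline from one leaked site password costs many hash operations per guess instead of one. The function names and the iteration count are assumptions.

```python
import base64
import hashlib


def _encode(raw: bytes, n_chars: int) -> str:
    """Base64-encode raw bytes, drop '=' padding, keep the first n_chars."""
    text = base64.b64encode(raw).decode("ascii").rstrip("=")
    if n_chars > len(text):
        raise ValueError(f"digest only yields {len(text)} characters")
    # Note: base64 output can contain '+' and '/', which some sites reject.
    return text[:n_chars]


def site_password(site: str, secret: str, n_chars: int = 16,
                  algo: str = "md5") -> str:
    """Scheme as the comment describes it: one hash of site + secret."""
    pre_password = site + secret  # e.g. "amazon" + "ColdWetDog"
    digest = hashlib.new(algo, pre_password.encode("utf-8")).digest()
    return _encode(digest, n_chars)


def stretched_site_password(site: str, secret: str, n_chars: int = 16,
                            iterations: int = 600_000) -> str:
    """Variant (not from the comment): PBKDF2-HMAC-SHA256.

    The memorised secret is the PBKDF2 password and the site name is the
    salt, so every site still gets a different output.
    """
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"),
                              site.encode("utf-8"), iterations, dklen=32)
    return _encode(raw, n_chars)


if __name__ == "__main__":
    for site in ("amazon", "bank"):
        print(site, site_password(site, "ColdWetDog"),
              stretched_site_password(site, "ColdWetDog"))
```

An MD5 digest is 16 bytes, so it yields at most 22 base64 characters; a longer password needs a wider hash such as SHA-256 via the `algo` parameter.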

Comment Agree: doctors fall into EMR vendor lock-in trap (Score 1) 240

As a physician who was dragged screaming and kicking into having to use EPIC, I have to agree.

I never knew I could hate a company more than Microsoft. Their client is a bloated horror that nevertheless acts like the thinnest client in the world: "Oh, look, the doctor pressed the Shift key ... I guess I'll send that over the network, and wait for a response ... oh look, s/he released the Shift key now -- I guess I'll send that over the network, too..." Apparently it's based on the Internet Explorer library, so there is no Mac version (at least not when I was using it)...

The interface was so bad that I learned how to program in AutoHotkey and probably spent in excess of 200 hours over a year to automate things. AutoHotkey was a lifesaver: open source and powerful. (In fact, the pitiful xdotool we have for Linux doesn't even come close to AutoHotkey for Windows, and even if I weren't forced to use Windows for my work, I might have ended up choosing it over Linux just because of AutoHotkey and its ecosystem of experienced developers.)

At the time I was with a large clinic chain that had about 40% of the market in our large sprawling metropolitan supercluster location. They surveyed the doctors, who said that on average they were spending an extra hour per day using Epic. And in the end, it was a lot of *data*-generation and not a lot of *information*. Our specialists complained that everything was being crammed into a template form, and they really couldn't tell what we were thinking, just checklists of what the patient did/did not have.

Having vendor lock-in, they have no incentive to improve. They can do whatever they want... if the clinic/hospital is already stuck using Epic, why would they spend money on fixing their problems instead of recruiting more clients?

Having said all that, even Epic is better than what I'm stuck using right now ... eClinicalWorks. That's even worse than Epic. All the problems of Epic, plus even worse interface. Right now I type my notes in a plain text editor and then use AutoHotkey to cut-n-paste it into eClinicalWorks. What a nightmare.

OpenEMR all the way!

Comment CookieController deletes cookies with 1click (Score 1) 219

I use Cookie Controller. Among other things, it has a handy button to click on. On the first click, it will wipe out temporary (session) cookies for the site you're on right now. On the second click, it will wipe persistent cookies, too. The third click wipes out session cookies for all sites. A fourth click will wipe all cookies. The button appearance changes to let you know what it's going to do, and in case you forget, hovering over the button brings up a tooltip that tells you what sorts of cookies and how many are about to get wiped.

Very handy now that Google is tracking everything. I don't particularly want all my casual searches to be linked to my Google maps requests and my Google translates.

The plugin doesn't sound as automated as Self-Destructing Cookies, so maybe I will check it out.

Comment Palo Alto is Spanish for "perpetual traffic jam" (Score 1) 250

A benefit with Palo Alto and surrounding communities is that you can actually find parking.

Yes, traffic flows so slowly through Palo Alto (including Highway 101 on weeknights where drivers slow to a crawl as soon as you enter Palo Alto) that you can always find parking. You see, the entire city of Palo Alto is one big parking lot!

Comment Agree: So, can computer RAM literally fill up? (Score 1) 206

Agree. Unless "fill up" is interpreted this way, you might similarly say of the claim that "my computer RAM has literally filled up and there are zero bytes free" that there has been no physical cavity within the RAM chips which have decreased in volume due to contents physically occupying volume.
