Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Zero knowledge (Score 1) 91

That's why you always choose a zero knowledge provider. Someone that provides you a service but doesn't have access to read the content.

I'm pretty happy with ProtonMail in that area. They are not only located in Switzerland, with much stronger privacy laws, but also, they encrypt end-to-end, and therefore, have no access to the content. Mail between users in ProtonMail are automatically encrypted, while mail to someone outside the system can be sent as a URL the receiver has to have a password to access (and can be time-deleted).

Of course, it's not Google Inbox in terms of features, but it gets the job done. You can always do full PGP with any service, but you have to know what you are doing.

Until things get insanely simple, in this day and age, you've got to learn, and do what you can for your right to privacy.

Comment Depends on the community (Score 2) 197

If you go to a conference that is part of an active community, the biggest benefit IMHO is the human networking. Get to mingle with people who share your interests, values and ideas, and learn from others, teach what you know, and just get to have interesting discussions that can influence the direction of the project.

In my 29 years in the industry, I've attended many, many conferences. They all have their peak years and peak value, until they don't. Some communities just grow too large and become too broad. Networld+InterOp was one of my favorites to attend back in the 90s, but they grew too much and became too dominated by vendors. Sadly, the same has been going on with the OpenStack community in recent years, with the additional annoyance of petty fights about direction.

The folks at the Cloud Foundry Foundation keep their conferences deliberately small and targeted to the core audience, which makes them much more enjoyable, although it becomes harder to get talks accepted.

And let's face it, some conferences (particularly vendor conferences) are not very valuable, but they throw great parties, with lots of swag, free booze and just plain fun with single-serving friends. Those also have their niche, and there is nothing wrong with that either.

Just be clear what do you (or your employer) want to get out of the conference and go from there.

Comment Chile is interesting (Score 5, Interesting) 124

It never ceases to amaze me how prevalent and commonly accepted are UFOs in the Chilean collective psyche. You can even do a general search in the news for UFO-related articles and come back with a bunch (in Spanish). In virtually all cases, the generally accepted belief is that they have an extraterrestrial origin.

An overwhelming 85% of Chileans believe in the phenomenon, compared to a 48% of Americans, and the topic can easily come up in any colloquial conversation among regular people as something totally accepted.

Coincidentally, Chile is also fertile ground for "spiritual movements" that very regularly include UFO elements. As a Chilean myself, and as someone who was attracted to those movements in my 20s, I struggle to come up with a clear explanation of why Chile in particular seems to be so captivated by beliefs in the supernatural. Michael Shermer does a good job explaining generically why people believe weird things, but doesn't explain why certain specific cultures or countries seem to be more susceptible than others.

I, for one, believe the reason is the lack of formal teaching of Critical Thinking as a subject, throughout the school curriculum. In the US, critical thinking is virtually part of all subjects in the new Common Core standards, from K to 12. They were even part of the old standards, at least in all science classes. Although things may be different in Chile now (I graduated high school in 85), I don't recall to have ever been taught critical thinking skills. That's something I discovered years later when I moved to the US. That in spite of having gone through a rigorous degree in Computer Science at the University of Santiago. University careers, at least back in my day, were very technical in nature, and focused very narrowly on deep subjects, without concern to create a more rounded individual. That was an exercise left to each student.

Comment Re:Mitigation and alternatives (Score 1) 94

Both are fine options indeed. But you don't really need the routing core to deem the system secure. You only need to see the source of the clients to determine if you can guarantee end-to-end encryption. How the messages get routed is another story altogether, and your only concern would be metadata collection (which you should always assume it's happening anyways). I, for one, would love to see WhatsApp Erlang routing core and how do they do it, but it's more for my personal curiosity than true security.

Comment Mesh networking (Score 1) 140

IMHO, in the ideal situation, every WiFi access point should include by default a second SSID mapped to a VLAN that can allow complete traffic isolation between the personal network and the guest network. The guest network should be IEEE 802.11s-enabled to allow roaming and mesh networking, and 802.11u for interworking and authentication. In that way, emergency responders can have access to a network while protecting individual's privacy. Even nicer would be an emergency responder's network only available to them with CJDNS over those mesh networks. In that way, members can trust they are who they say the are, and all communication is encrypted.

Comment Mitigation and alternatives (Score 2) 94

Since I don't use Facebook, my number should be irrelevant to them to serve me advertisement in their platform. Furthermore, I use the anti-social plugins for browsing so they don't get my browsing history either.

If this really bothers you, Signal is a perfectly good alternative to WhatsApp, which is completely open source and with almost identical functionality. Another surprisingly good and also open source alternative is Wire, which doesn't rely on phone numbers, and it's completely multiplatform.

If you can't vote with your dollars, vote with your feet.

Comment Re:Cost of Living Tradeoffs (Score 1) 163

Mod parent up. I've seen *exactly* the same you point to virtually everywhere. But one thing I'd like to add is the perspective of the "startup", not only the large companies. They are great in luring you with big promises and massive amounts of stock options while offering crappy salaries. This also unfavorably caters to the young who can afford the gamble, and who are too naive to understand the downsides. They are not necessarily in the H1B game, but their way to keep you "at bay" is with their "at will" contracts, where a CEO can just fire you for no reason. HR is a third party outsourced company.

Comment Security is an afterthought (Score 1) 41

The IoT market is indeed insanely hot and competitive, and time-to-market can make or break a product's success. This means that the MVP version (minimum viable product), that is supposed to be just the first step in an iteration, many times ends up becoming the version that gets shipped.

It's very rare that security is considered in an MVP. Some simpler types of IoT devices (typically send-only), that rely more on the cloud back-end, may have better luck by improving the security of the cloud-based components over time, but if the device accepts input and network commands, all bets are off.

Comment Re:Seen this before? (Score 3, Interesting) 95

Not this time. I think this is an acknowledgment that they need to rethink what's important, and it's not the OS anymore. It's the Cloud (both, IaaS and PaaS), where AWS is the biggest competitor and the one to beat, reason why Azure is so strategic for Microsoft. They need to have expertise and business solutions whatever underlying OS the customer may choose. If Linux, they need to have an outstanding support for it in Azure and across all their offerings.

We may think this is the same old Microsoft, but I believe they are going through one of their biggest reinventions to date.

Comment Re:utterly pointless and ineffective (Score 5, Insightful) 556

Mod parent up. I feel more ashamed that it's actually MY congresswoman, and I will write her a note, because this is absolutely non-sensical as many have already pointed out. It will stop nothing.
I can get any low-end Android phone, put it in airplane mode and never sign up with a carrier, connect to any public WiFi network, and use a SIP client with ZRTP to connect to a server paid with Bitcoin to do my anonymous calls.
This is classic government reactive approach with no input from subject matter experts, always 10 steps behind.

Comment Insane (Score 4, Insightful) 33

May be I'm just getting old but I cannot wrap my head around these kinds of deals. Paying 100M for bullshit like that, when I can enumerate dozens of startups with amazing technology and real innovations in cloud, back-end services, automation, platform, security, etc, that can barely get a couple of millions to continue their development. The industry is ran by teens now.

Comment Re:A word to the wise (Score 1) 43

Really? has the IQ level in Slashdot gone downhill that much that you can't even do a Google search?

If you frequent this site, you will notice this community is big on privacy, and QubesOS has been for quite some time among the best options out there, since they are the only ones addressing very hard problems, like hard isolation of driver-level components in the OS, such as the USB or the Network subsystems for example. This is particularly good to mitigate against 'evil maid' type attacks and such. They achieve this using a modified version of the Xen hypervisor with lightweight VMs with a common hardened X-based interface.

These folks don't release very often, and this update has been coming for a long time, and it's very welcome. Particularly the UEFI boot support, that has blocked me to be able to install it on my private laptop.

Comment Streisand Effect of sorts (Score 1) 546

For years, many voices in tech have been screaming about lax security and privacy controls in most devices and online services. Well, this argument may end up being a Straisand Effect of sorts, by encouraging the tech community to finally rally together and develop the kind of systems where this will be a non-issue: zero knowledge, end-to-end encrypted, ephemeral IDs when we need it, plus validated, immutable, blockchain-based distributed trust systems when we choose to. Heck, right before this story in Slashdot you have the one on the release of Wire. We'll see more and more of this. The government has no idea of what they've unleashed.

Comment Re:So vague is has to be true? (Score 1) 241

What broke down here is the threat assessment model. Was there a competent team of interdisciplinary experts who reviewed the threat and concluded it was reasonably credible? then no need for a CYA, since you are doing your job.
But if this was based on the consensus of a few local folks you know, that may or may not have a respectable background to advice you, then it's on you.
First of all, if they would have a semi decent IT Security expert as part of their threat assessment team, they wouldn't even have reported that "the IP address was from Germany" since they'd know it's largely irrelevant, being most likely a Tor exit node or a VPN end point, if it didn't match a well-known origin. Instead, they'd focus on the language, plot details and other things that can reveal if this is indeed credible or not. Then they'd probably correlate with similar chatter in other places (like NY), and on and on.
I'm not sure if every major city should have one of such teams on stand-by, but at least a "service" should exist for these kinds of things so someone like a School Superintendent or a Mall Manager can tap into.

Slashdot Top Deals

Space is to place as eternity is to time. -- Joseph Joubert