


Comment Carly Fiorina is... (Score 4, Interesting) 327

a bad business person.

Like many other CEOs, she thought short-term without considering the long-term implications of her actions.

She pushed outsourcing to the detriment of American workers
She eroded the previous HP quality
She bought a horrible company in Compaq
She failed to properly integrate Compaq into HP
She failed to leverage a crown jewel in the DEC Alpha, and contributed to its cancellation after the acquisition
She destroyed the value of the overall business of HP

I don't need to say she is anti-American, though she may be. Definitely a business failure though, despite the golden parachute.

Comment A better solution (Score 2) 145

Comcast needs to have its own service, Stream TV, imputed against Comcast's own data caps. This will ensure that Comcast does not gain a corporate advantage via exploiting data caps in a monopolistic fashion.

Then, every other ISP needs to have the same thing occur to prevent the same malfeasance by Comcast from spreading further.

However, fundamentally, I think the definition of wired broadband needs to change to assume the following.

Wired bandwidth you are provided is a constant stream.

Comment Hmm, a 50% tax (Score 1) 240

Is this a 50% tax on profits, or gross revenues?

In either case, I think a 50% tax makes many businesses not viable. Across the US we have huge unemployment issues, and many young people are unemployed. This is a negative situation, and is putting the social safety net at risk. Companies move where the taxes are lowest.

It appears that many small businesses pay much more in taxes than do the large multinationals employing the Double Irish with a Dutch sandwich.

Furthermore, the US already has worldwide taxation that leads to double taxation, whereas most countries utilize a territorial taxation system. Worldwide taxation leads to companies keeping their earnings abroad to mitigate the double tax when they return them to the US.

High taxes, unemployment, and high welfare can create perverse incentives for people needing income.

I don't think a 50% tax is going to solve any of those problems.

In summary:
We need tax reform
We need territorial taxation
We need to address taxation for smaller businesses
We need something like basic income that is more equitable

Comment Your story is short of facts (Score 4, Informative) 168

Comment A response (Score 1) 44

This sounds like a big money pit for Ames. Furthermore, Ames has not been able to retain their government staff, since they are quickly poached by nearby Silicon Valley.

Most of NASA's critical infrastructure is located on JSC, GSFC, KSC, MSFC and JPL. We'd be much better off utilizing those locations, rather than ARC. Although ARC has proximity to startups, GSFC has proximity to the world's largest concentration of human security talent, along with DISA and NSA being next door. JPL has some great SCADA security talent too, and both JSC and KSC have huge room for physical growth, and lower labor rates. The SCADA infrastructure most pertinent to the health & safety of the U.S. public is actually the NASA-NOAA relationship around data feeds from satellite ground system ICS/SCADA which feeds NOAA's weather forecasting capability, and is directly, and indirectly, the foremost source of information for meteorology.

As far as NASA fixing all SCADA infrastructure, this sounds crazy. There are too many separate SCADA/ICS domains that should be handled separately, particularly as IoT grows.

Comment A response (Score 5, Informative) 401

This is all distraction, as operating system configuration and patching is not a "backdoor".

The best response to the FBI's request I've read thus far comes from the noted iOS forensics security guru, Jonathan Zdziarski, where he wrote the following:

An instrument is the term used in the courts to describe anything from a breathalyzer device to a forensics tool, and in order to get judicial notice of a new instrument, it must be established that it is validated, peer reviewed, and accepted in the scientific community. It is also held to strict requirements of reproducibility and predictability, requiring third parties (such as defense experts) to have access to it. I've often heard Cellebrite referred to, for example, as the Cellebrite instrument in courts. Instruments are treated very differently from a simple lab service, like dumping a phone. I've done both of these for law enforcement in the past: provided services, and developed a forensics tool. Providing a simple dump of a disk image only involves my giving testimony of my technique. My forensics tools, however, required a much more thorough process that took significant resources, and they would for Apple too.

The tool must be designed and developed under much more stringent practices that involve reproducible, predictable results, extensive error checking, documentation, adequate logging of errors, and so on. The tool must be forensically sound and not change anything on the target, or document every change that it makes / is made in the process. Full documentation must be written that explains the methods and techniques used to disable Apple's own security features. The tool cannot simply be some throw-together to break a PIN; it must be designed in a manner in which its function can be explained, and its methodology could be reproduced by independent third parties. Since FBI is supposedly the ones to provide the PIN codes to try, Apple must also design and develop an interface / harness to communicate PINs into the tool, which means added engineering for input validation, protocol design, more logging, error handling, and so on. FBI has asked to do this wirelessly (possibly remotely), which also means transit encryption, validation, certificate revocation, and so on.

Once the tool itself is designed, it must be tested internally on a number of devices with exactly matching versions of hardware and operating system, and peer reviewed internally to establish a pool of peer-review experts that can vouch for the technology. In my case, it was a bunch of scientists from various government agencies doing the peer-review for me. The test devices will be imaged before and after, and their disk images compared to ensure that no bits were changed; changes that do occur from the operating system unlocking, logging, etc., will need to be documented so they can be explained to the courts. Bugs must be addressed. The user interface must be simplified and robust in its error handling so that it can be used by third parties.

Once the tool is ready, it must be tested and validated by a third party. In this case, it would be NIST/NIJ (which is where my own tools were validated). NIST has a mobile forensics testing and validation process by which Apple would need to provide a copy of the tool (which would have to work on all of their test devices) for NIST to verify. NIST checks to ensure that all of the data on the test devices is recovered. Any time the software is updated, it should go back through the validation process. Once NIST tests and validates the device, it would be clear for the FBI to use on the device. Here is an example of what my tools validation from NIJ looks like: https://www.ncjrs.gov/pdffiles...

During trial, the court will want to see what kind of scientific peer review the tool has had; if it is not validated by NIST or some other third party, or has no acceptance in the scientific community, the tool and any evidence gathered by it could be rejected.

Apple must be prepared to defend their tool and methodology in court; no really, the defense / judge / even juries in CA will ask stupid questions such as, why didn't you do it this way, or is this jail breaking, or couldn't you just jailbreak the phone? (I was actually asked that by a juror in CA's broken legal system that lets the jury ask questions). Apple has to invest resources in engineers who are intimately familiar with not only their code, but also why they chose the methodology they did as their best practices. If certain challenges don't end well, future versions of the instrument may end up needing to incorporate changes at the request of FBI.

If evidence from a device ever leads to a case in a court room, the defense attorney will (and should) request a copy of the tool to have independent third party verification performed, at which point the software will need to be made to work on another set of test devices. Apple will need to work with defense experts to instruct them on how to use the tool to provide predictable and consistent results.

In the likely event that FBI compels the use of the tool for other devices, Apple will need to maintain engineering and legal staff to keep up to date on their knowledge of the tool, maintain the tool, and provide testimony as needed.

In other words, developing an instrument is far more involved than simply dumping a phone for FBI, which FBI could have ordered:

Developed to forensically sound standards
Validated and peer-reviewed
Be tested and run on numerous test devices
Accepted in court
Given to third party forensics experts (testing)
Given to defense experts (defense)
Stand up to challenges
Be explained on the stand
Possibly give source code if ordered
Maintain and report on issues
Defend lawsuits from those convicted
Legally pursue any agencies, forensics companies, or hackers that steal parts of the code.
Maintain legal and engineering staff to support it
On appeals, go through much of the process all over again

The risks are significant too:

Ingested by an agency, reverse engineered, then combined with in-house or purchased exploits to fill in the gap of code signing.
Ingested by private forensics companies, combined with other tools / exploits, then sold as a commercial product.
Leaked to criminal hackers, who reverse engineer and find ways to further exploit devices, steal personal data, or use it as an injection point for other ways to weaken the security of the device.
The PR nightmare from demonstrating in a very public venue how the company's own products can be back doored.
The judicial precedents set to now allow virtually any agency to compel the software be used on any other device.
The international ramifications of other countries following in our footsteps, many of which have governments that oppress civil rights.

This far exceeds the realm of reasonable assistance, especially considering that Apple is not a professional forensics company and has no experience in designing forensic methodology, tools, or forensic validation. FBI could attempt to circumvent proper validation by issuing a deviation (as they had at one point with my own tools); however, this runs the risk of causing the house of cards to collapse if challenged by a defense attorney.
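The quoted passage describes one concrete step of forensic-soundness testing: image each test device before and after the tool runs, compare the images to confirm no bits changed, and document any change the operating system itself makes so it can be explained to a court. The script below is an added example of that comparison step; it is not code from Zdziarski, Apple, NIST or the original post. It assumes a 512-byte block size and builds two small byte-string "images" inline as constructed sample data; a real run would read the two acquired image files instead.

```python
"""Forensic soundness check: compare a before-image and an after-image block by
block and require every changed region to be either documented in advance or
flagged as unexplained. Constructed example; the images are byte strings built
inline, not real device dumps."""
import hashlib
from typing import Dict, List, Tuple

BLOCK_SIZE = 512  # assumed sector size for the example


def image_hash(image: bytes) -> str:
    """Whole-image SHA-256, recorded at acquisition time for both images."""
    return hashlib.sha256(image).hexdigest()


def changed_blocks(before: bytes, after: bytes,
                   block_size: int = BLOCK_SIZE) -> List[Tuple[int, int]]:
    """Return (offset, length) for every block whose contents differ.
    A length mismatch is itself a change: trailing blocks present in only
    one image are reported too."""
    n_blocks = (max(len(before), len(after)) + block_size - 1) // block_size
    diffs = []
    for i in range(n_blocks):
        off = i * block_size
        b = before[off:off + block_size]
        a = after[off:off + block_size]
        if b != a:
            diffs.append((off, max(len(b), len(a))))
    return diffs


def verification_report(before: bytes, after: bytes,
                        documented: Dict[int, str],
                        block_size: int = BLOCK_SIZE) -> Dict[str, object]:
    """Build the record a reviewer would want: both whole-image hashes, each
    changed block, and whether that change was written down beforehand.
    `documented` maps a block offset to the explanation recorded for it."""
    diffs = changed_blocks(before, after, block_size)
    findings = [
        {
            "offset": off,
            "length": length,
            "explanation": documented.get(off),
            "status": "documented" if off in documented else "UNEXPLAINED",
        }
        for off, length in diffs
    ]
    return {
        "hash_before": image_hash(before),
        "hash_after": image_hash(after),
        "identical": before == after,
        "changed_blocks": len(diffs),
        "unexplained": sum(1 for f in findings if f["status"] == "UNEXPLAINED"),
        "findings": findings,
    }


def build_sample_images() -> Tuple[bytes, bytes]:
    """Constructed 8-block images; 'after' differs in two blocks."""
    before = bytes((i * 7) & 0xFF for i in range(8 * BLOCK_SIZE))
    after = bytearray(before)
    # Block 3: a counter the OS legitimately updates during testing (documented).
    after[3 * BLOCK_SIZE] ^= 0x01
    # Block 6: a change nobody recorded (must be flagged).
    after[6 * BLOCK_SIZE + 100:6 * BLOCK_SIZE + 104] = b"\xde\xad\xbe\xef"
    return before, bytes(after)


# Explanations written before the run, keyed by block offset (constructed).
DOCUMENTED_CHANGES = {
    3 * BLOCK_SIZE: "unlock-attempt counter incremented by the OS during testing",
}

if __name__ == "__main__":
    b, a = build_sample_images()
    report = verification_report(b, a, DOCUMENTED_CHANGES)
    for key in ("hash_before", "hash_after", "changed_blocks", "unexplained"):
        print(f"{key}: {report[key]}")
    for f in report["findings"]:
        print(f"  offset {f['offset']:6d} len {f['length']:4d} "
              f"{f['status']}: {f['explanation']}")
```

The report keeps both whole-image hashes so the "no bits changed" claim can be re-verified by a third party from the acquired images alone, and it refuses to silently absorb a change: anything not in the pre-written explanation table comes back as UNEXPLAINED, which is exactly the finding a defense expert would raise.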

Comment Twitter censorship (Score 4, Interesting) 832

There are already numerous allegations of Twitter censoring and unverifying the political right or pro-gamergate folks such as Milo Yiannopoulos. Trump is actually a big attention grabber and he is capturing lots of media attention, so censoring him would hurt Twitter more.

A better question may be why they haven't come down harder on terrorist activities on Twitter.
