Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Netalyzr on Android (google.com)

nweaver writes: Many Slashdot readers are no doubt familiar with Netalyzr, our free, comprehensive network measurement and diagnostic tool that runs in the browser using Java. For those that aren't, its checks a ton of network properties and provides a handy report. At the same time, Slashdot readers also know that Java should probably be removed from the browser. We've been hard at work on a solution: a Android port of Netalyzr, which is both free and advertisement free. We implemented the full Netalyzr test suite, test run in the background (so you don't need to wait), and if your debugging someone else's network, you can have them run Netalyzr and share their results with you. Help us understand what works on the Internet, and what doesn't.

Comment Re:The death-knell of US cloud providers... (Score 3, Insightful) 771

Lavabit is supposed to be a zero knowledge mail provider.

If you believe that, I have a bridge I'd like to sell you. It is perfectly possible to make a email system where the provider knows very little, but you need to change the basic email protocols to do that. Even PGP isn't sufficient, since it doesn't protect key portions of the mail (To:, From:, Subject:, message length, etc) from observation.

If you receive normal email through SMTP, the provider must be able to read the email as it arrives. Similarly, if you offer a web interface to access, the provider must be able to read your email when you access it through the web interface, because the provider can always provide JavaScript that leaks any keys involved back to the server.

Comment The death-knell of US cloud providers... (Score 5, Insightful) 771

Clearly the operator of Lavabit received a national security letter or warrant which he objected to.

Now since Lavabit is based on normal mail protocols, the operator has the ability to see all the data when it comes in, and obviously with a warrant or NSL, the provider can be compelled to provide the information to the feds. But I suspect that the request was not just something mild ("This sleazebag's mail account") but something broader, given the reaction was to close down the service completely.

In any case, this is also a great reminder of why the cloud, especially US cloud providers, can't be trusted. Companies who care about security are going to have to abandon the cloud and go back to insourcing their infrastructure.

Comment BAD article, better source, and other notes... (Score 5, Informative) 923

The Atlantic article is BAD. Not only is it a summary with no additional information (and information removed), but uses a bad and unrelated photograph!

Read the original article on Medium, and I strongly suggest that a Slashdot editor change the article link.

Although circumstantial, this implies one of two possibilities. Either Google is voluntarily looking for "suspicious" searches and reporting them to law enforcement, or law enforcement (using a warrant, a wiretap, a NSL, or similar) is either forcing Google to look for such suspicious searches or simply wiretapping Google.

Submission + - Google + Feds: Watching your searches..

nweaver writes: Michele Catalano has a scary story about how innocent web searches for Pressure Cookers and backpacks (and perhaps quinoa) apparently resulted in a visit from Anti-terrorism Law Enforcement. If true, this implies one of two possibilities. Either Google is, on their own initiative, checking people's activity for "suspicious" behavior and reporting it to the government, or the government has mandated that Google report such "suspicious" behavior.

Comment Welcome to Cisco and MS's future... (Score 5, Interesting) 410

The problem is the credible fear of a lifecycle attack is sufficient to require that such hardware be avoided. There is a reasonable fear that the chinese might try something using Lenovo kit, therefore the classified networks need to avoid it. Its the same reason why Huawei networking hardware is avoided in some circles.

Of course, with the NSA now clearly off the leash, US IT equipment is now in the same position. Microsoft clearly backdoored Skype to enable easy wiretapping, the NSA is reportedly hacking foreign networks to introduce monitoring (who knows, perhaps it was the NSA responsible for the Athens Affair?), and with any US Cloud service provider subject to PRISM-style requirements, US IT infrastructure is now in the same boat that the Chinese have been struggling with for years now.

Comment But does it work well in practice? (Score 5, Interesting) 94

Strongbox technically is very strong, without a doubt. But, being TOR based, it will be hard to use. Worse, a potential leaker not only must use their own computer (ideally a throwaway computer), but they can never have VISITED the Strongbox information page from work, because otherwise any leak to the New Yorker will be suspicious.

And Strongbox's information page drives Ghostery crazy! Not a good sign for a privacy tool.

Probably more important is general Operational Security, including burner phones and/or burner computers.

Julia Angwin has an excellent additional point: Physical mail (dropped in a random post-box with a bogus return address) is perhaps the best way for anonymous one-way communication. The USPS will record address information when asked by law enforcement, but (currently) doesn't record this on all mail. Thus there is no history and, even if there was, this can only be traced to the processing post office. Perhaps the best use of the mail is simply to send the reporter a burner phone preprogrammed so that the reporter can call your burner.

Comment 1FuckBTCqwBQexxs9jiuWTiZeoKfSo9Vyi (Score 2) 239

Yes, send your unwanted bitcoins here: 1FuckBTCqwBQexxs9jiuWTiZeoKfSo9Vyi

Overall, a general problem with BitCoin mining is that it is a classic "Red Queen's Race". The fixed rate of bitcoin addition means you can only get ahead at the cost of someone else. Which means, IF bitcoin succeeded, mining is effectively non-profit as the rather low barrier to entry (even ASIC rigs are only $2K) and no monopoly power means that the profit from mining gets, well, stripped out.

Comment Sadly, no... (Score 3, Interesting) 153

iMessage keeps messages secret from the carrier, but it can't keep the messages secret from the feds.

Apple has to be able to know the user's private key to allow them to log in new devices, at least when the user logs into Apple using their Apple password. And therefore, with a warrant, so can the police.

Now Apple could use a technique where your password is hashed one way to create your iMessage key, and hashed a different way to be sent to Apple for logging in. But this doen't seem likely, as a login to iCloud (using a user's apple Password) on the web interface sends the password to Apple where its hashed on their end for login validation. So unless the iPhone/Mac iCloud login uses a different technique, Apple must (at a minimum) be able to access the user's iMessage key when the user logs into Apple.

And its far more likely that Apple (and therefore the police with a search warrant) can get the user's iMessage key whenever they want.

Comment All Biofuels are a crock.. (Score 5, Informative) 238

It's all a simple matter of area: With an electric vehicle my entire transportation energy usage can pretty much be covered with a small rooftop solar system. To do it with biofuels would require acres of space.

The problem is simple: Photosynthesis is just vastly less efficient than photo voltaic solar

Comment Various bits of FUD correction. (Score 5, Informative) 404

a: An FFL7 (which is what Defense Distributed got), once they complete some additional tax paperwork, allows them to make and sell semiautomatic rifles like any other manufacturer. And there are lots of small manufacturers these days. Heck, there is one in Napa, CA, if you want a fine, vintage 2013 AR-15 with "Made in Napa, CA" printed on the side.

b: Plastic AR lower receivers are old news. There is a lot of panic buying of AR rifle components thanks to Dianne Feinstein's salesmanship, but the plastic lowers are readily available.

You can even get a 5-pack for $400!.

Distributed Defense's sales, if any, are going to be those wanting to support their R&D, as there is no way they can compete with the existing aluminum lowers, let alone existing plastic ones, on price or quality for a given price.

c: There are a lot of businesses which legally help you make your own gun. EG, you buy an 80% lower (a not completed lower receiver) which the ATF does not consider to be a gun and then you finish it yourself by renting some milling machine time and doing it yourself. Until its finished by the purchaser, its a paperweight, not a gun.

d: Some guy has even managed to do a home-made polymer lower using molding techniques.

Slashdot Top Deals

This is clearly another case of too many mad scientists, and not enough hunchbacks.