
Comment 96% ! (Score 4, Interesting) 109

In consideration of:-

1/ The fact that, due to the massively expensive texting costs that Brazilian carriers place on customers, ~96% of them use WhatsApp.

2/ WhatsApp just happens to offer full e2e strong encryption.

3/ Criminals want to save money also.

So criminals use WhatsApp to communicate, thus thwarting legal interception.

I would suggest to the Judge that the root problem is not Whatsapp but the government supported telecoms carriers who forced this situation to exist.

Also, seriously Judges. Someone needs to go down there and teach them the meaning of impossible.

Comment A password? only for today. (Score 1) 637

Passwords are a passing fad; they've only been around for about 45 years, and it is my hope they will be a dead method within the next 5.

For now, I use long random passwords with at least 44 bits of entropy (not telling you the character set or length, that leaks too much information). But as I said, the password must die because it is fatally flawed: it relies on having the service store a secret for comparison, something that can be captured in transit or stolen on the server and brute-force reversed from its hash (if one is used), then used repeatedly until revoked by an out-of-band repudiation method.

In the very near future only a per-site unique zero-knowledge proof of sufficient strength to preclude brute forcing will suffice, so that only public information is present on a server, and by the nature of a zero-knowledge proof against a unique challenge there is nothing useful to steal.
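
A worked example of the kind of scheme the comment above describes, added here and not part of the original post: a Schnorr-style challenge-response proof of knowledge of a discrete log. The client derives an independent secret x per site from a master secret it never transmits; the server stores only y = g^x mod p and a fresh challenge per login attempt, so a stolen database or a captured transcript yields nothing reusable. The 160-bit safe-prime group, the HMAC-based per-site derivation and the class/function names are assumptions chosen for this example (a deployment would use a 2048-bit group or an elliptic curve).

```python
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> tuple:
    """Return (p, q) with p = 2q + 1, both prime; toy size so the demo runs fast."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = generate_safe_prime(160)   # assumption: demo-sized group, not production size
G = 4                             # a square mod p, so it generates the order-q subgroup


class Client:
    """Holds a master secret and derives an unrelated secret x for each site."""

    def __init__(self, master_secret: bytes, site: str) -> None:
        raw = hmac.new(master_secret, site.encode(), hashlib.sha256).digest()
        self.x = 1 + int.from_bytes(raw, "big") % (Q - 1)   # x in [1, q-1]
        self._r = None

    def public_key(self) -> int:
        return pow(G, self.x, P)          # y, the only thing the server ever stores

    def commit(self) -> int:
        self._r = 1 + secrets.randbelow(Q - 1)
        return pow(G, self._r, P)         # t = g^r, sent before the challenge is known

    def respond(self, c: int) -> int:
        if self._r is None:
            raise RuntimeError("respond() called without a pending commitment")
        s = (self._r + c * self.x) % Q    # reveals nothing about x without r
        self._r = None                    # nonce is single-use
        return s


class Server:
    """Stores public keys only, plus the challenge issued for each pending login."""

    def __init__(self) -> None:
        self.users = {}      # user -> y
        self.pending = {}    # user -> (t, c)

    def register(self, user: str, y: int) -> None:
        self.users[user] = y

    def challenge(self, user: str, t: int) -> int:
        c = secrets.randbelow(Q)          # fresh per attempt: old transcripts cannot be replayed
        self.pending[user] = (t, c)
        return c

    def verify(self, user: str, s: int) -> bool:
        t, c = self.pending.pop(user, (None, None))
        if t is None or user not in self.users:
            return False
        return pow(G, s, P) == (t * pow(self.users[user], c, P)) % P


def login(server: Server, client: Client, user: str) -> bool:
    """One round trip: commit, challenge, respond, verify."""
    t = client.commit()
    c = server.challenge(user, t)
    return server.verify(user, client.respond(c))
```

The verification equation g^s = t * y^c holds only if s was computed from the same x behind y; anyone holding just y, or a recorded (t, c, s), cannot answer a new challenge.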

Comment I cannot believe they still think this is a UFO (Score 3, Interesting) 412

This is a well-known optical issue, where a point source of illumination outside the field of view (the sun) scatters light off the diaphragm edges inside the lens (almost square when fully stopped down). The light then passes back out the lens to reflect a second time off the front element's inside surface. This results in multiple images of the point source appearing at a point in the frame that are out of focus and appear to drift and merge.

Bet you anything you like, if the camera had been even slightly tilted during that clip the "UFO" would have shot across the frame at an integer multiple of the angular tilt.

This effect, in a slightly different manner, is repeated often for UFO believers when they insist on seeing diamond UFOs in video footage taken with a camcorder at full zoom with the iris and focus on auto. What they see with their eyes is an unfamiliar point source of light (planet, plane etc.); what the camera sees is an out-of-focus point source vignetted by the iris to a diamond shape, often with the light meter filter giving the bottom half a red or green hue.

Comment Perfect Forward Secrecy? (Score 1) 314

Because this bill would require any vendor, writer or provider of encrypted communications to have a way to decrypt it, it would also require any form of TLS connection to not have perfect forward secrecy. This would mean, as in the earlier DoD era, having separate crypto suites for US use that exclude the option.

I mention this because it is not going to happen; the cat is out of the bag, and it would require rewriting the core of every TLS implementation everywhere.

Comment Real or mock mocking! (Score 1) 391

Should we also mock Bruce for saying:-
"The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good."

I would say the latter is still suspect, what with BadUSB firmware and other stuff; just because someone you trust gives you something, the trust does not extend to the something.

Comment Gauged to fail? (Score 1) 474

Coming from the UK, we had this same issue more than a century ago between the 4' 8.5" (Stephenson: 'what was in the colliery, seemed like a good idea') standard gauge and the GWR 7 foot (Brunel: 'scientifically researched with the help of Charles Babbage') gauge.

In the end, even though accident statistics (no GWR train ever rolled over), fuel efficiency per passenger per mile and other criteria decreed the 7 foot gauge superior, the government ruled that since there was more Stephenson gauge track in existence, the Brunel gauge would be phased out and replaced with the new standard gauge.

I have to say that if they had gone the other way the world would be a far better place, because the wider gauge would have allowed much higher speeds at an earlier epoch while affording much greater loads without the need of technology to avoid the risks of rollover. Saying that, the BART system was an ambitious but eventually fruitless move.

Comment If true then DUMB (Score 1) 254

If Representative Darrell Issa actually said that, then it is even more proof that you cannot have a rational discussion of this subject without understanding the technology. Without that understanding, almost anything you say makes you look like a buffoon.

Sure, you could image the hardware and try to brute-force the encryption key; it would take you trillions of years, but you could do it. The reason is that the encryption key used on the storage is derived by mixing the user's unlock code AND a strong secret held within the device's CPU, the UID (even on the 5c). Without getting a copy of that from the device as well as the encrypted storage, you cannot reduce the brute-force guessing to the level of the passcode, as the UID has much of the entropy of the two.

Apple quite logically has created the hardware of the CPU so that the UID is not available to any interface, only as the output from an atomic operation when it is cryptographically mixed with the passcode guess. Also, no, I'm pretty sure you cannot physically extract it by taking the CPU apart; Apple would have made decapping the CPU extremely likely to damage it in a way that prevents access. Which, by the way, would also render the evidence suspect and open to challenge under cross-examination.
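
A toy model of the key tangling the comment above describes, added here as an illustration and not code from the original post or from Apple: the storage key is derived from both the passcode and a per-device secret (the UID), so an attacker with only an image of the flash has no usable search space, while one who can run the derivation on the device itself only has to walk the passcode space. The PBKDF2-with-UID-as-salt mixing, the HMAC check value used to recognise the right key, the iteration count and the helper names are all assumptions of this example; the real hardware does the mixing with AES in an engine that never exposes the UID.

```python
import hashlib
import hmac
import math

PASSCODE_DIGITS = 4
ITERATIONS = 20                # assumption: tiny so the brute-force demo finishes quickly
CHECK_LABEL = b"key-check"     # hypothetical known value an attacker can test keys against


def derive_storage_key(uid: bytes, passcode: str) -> bytes:
    """Stand-in for hardware key tangling: the key depends on both the UID and the passcode."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, ITERATIONS, dklen=32)


def make_check_value(key: bytes) -> bytes:
    """Stand-in for a known header an attacker could use to recognise a correct key."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def brute_force_with_uid(uid: bytes, check: bytes) -> tuple:
    """Attacker who can drive the derivation with the real UID: tries every passcode.
    Returns (passcode, attempts) or (None, attempts) if no guess matched."""
    for n in range(10 ** PASSCODE_DIGITS):
        guess = f"{n:0{PASSCODE_DIGITS}d}"
        key = derive_storage_key(uid, guess)
        if hmac.compare_digest(make_check_value(key), check):
            return guess, n + 1
    return None, 10 ** PASSCODE_DIGITS


def search_space_bits(uid_bits: int, have_uid: bool) -> float:
    """log2 of the candidate keys to try: passcodes only if the UID is available,
    otherwise passcodes times every possible UID."""
    passcode_bits = math.log2(10 ** PASSCODE_DIGITS)
    return passcode_bits if have_uid else passcode_bits + uid_bits


if __name__ == "__main__":
    uid = bytes(range(32))                       # constructed stand-in for a device secret
    check = make_check_value(derive_storage_key(uid, "0042"))
    print("on-device search:", brute_force_with_uid(uid, check))
    print("imaged flash, wrong UID:", brute_force_with_uid(bytes(32), check))
    print("bits to search without UID:", search_space_bits(256, have_uid=False))
```

The second brute-force call models the "image the hardware" attack: every one of the 10,000 passcode guesses is run against the wrong device secret, and none verifies.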

Comment Its Scripting time! (Score 3, Interesting) 95

Time to start developing that 'Write to be Unforgotten' search extension then.

Been planning this idea for a while and now seems the right time to do it. i.e.

Code a browser extension that uses VPN tunnels to compare local and other nationalities' search results, adds back in redacted results with 'Locally Censored' tags, and tags results seen locally but not elsewhere with 'Censored in: CN, EU etc.'.

Also add CDN support to anonymously cache and test historical searches for global censorship.

Anyone interested in assisting or Beta-Testing?

Comment UA change imminent to: Googlebot/2.1... (Score 1) 675

Since many of these sites rely on their search engine rankings, I bet they don't block search spiders that refuse scripting, or even serve them ads, as that would make their pages way too dynamic to be usefully indexed.

Thus the fourth option after Whitelist, Pay, Go-Away is to change your browser's User-Agent string to match that of a known search engine's indexing spider.

Potentially, no more ads to block, no paywalls and also no malware, because that stuff tries hard not to be noticed by the search engines and thus get the site blacklisted.

Comment Lies, Damn Lies and Statistics (Score 1) 602

Same thing here I suspect as with:

*Double daylight savings time stats for the two periods in history when it was tested in UK.
*Cubic spline curves on highway exits to reduce normal road entry speeds.
*Progressive noise strips on roundabout entries.
*Removal of curbs on shopping streets

All these 'experiments' that 'proved' their worth statistically, partly relied upon the introduction of something unfamiliar to the road user, which in turn promoted unease and inherently better observation. Unfortunately, after introduction and a suitable period of use they became familiar and their benefit was either nullified or in some cases resulted in greater road carnage.

Someone once said that over time the motorcar has become safer with seat belts, airbags, disc brakes, wide tyres etc., which resulted in such a feeling of well-being that drivers drove progressively faster and more dangerously. The suggestion then was to remove the seat belts and airbags and replace them with a 6 inch metal spike sticking out of the steering wheel. This would theoretically cause drivers to be much more cautious of speed lest they be impaled. Anyone want to do a double-blind statistical study?

Comment Watched or scanned? (Score 1) 255

But did the BBFC really watch all 10 hours, or just run it at high speed looking for a scene change? If it were me making this film I would definitely have put in some salacious scenes of single or double frames (1/24 s, 1/12 s), with perhaps the occasional obscene word displayed subliminally (5% contrast) to see if they are on their toes.

If not, then HEY we just got smut past the censors, WIN!

Comment Beware of heavy loads reversing (Score 1) 875

Every time some politician makes a promise like this I always think: sure, but because of globalisation it will always be the smaller part of the company that resides in the first world. Therefore the logical outcome of any single government's moves against a corporation would be the decamping of said corporation to another jurisdiction, i.e. Apple would move out of the US entirely and place their headquarters in a more friendly nation.

Comment Deduplication anyone (Score 2) 284

As was pointed out by a commenter earlier when Bruce Schneier posted this.

This whole hypothetical is moot and has already been attempted for DMCA and child porn cases. This is because deduplication is a feature of any large file sharing entity, Gmail included, as drive space is not free.

Because of deduplication there will only ever be one copy of the relevant file clusters in existence and a table of assignments for which messages and/or accounts to apply it to. Thus, given an example of the file or the list of cluster hashes and a simple court order, a company can expunge the one copy and/or return the list of holders with their association / upload / download dates.

Now one key issue would be that even a single bit changed in the file (mentioned in the article) would change the file hash and probably 50% of the bits in the specific cluster would flip. But for larger files >10MB it may be sufficient to match a percentage of cluster hashes and then inspect the misses further.

That said a savvy antagonist would recognise the above and suggest ways to defeat deduplication, even without using anything fancy. For a text file, simply running it through a compression algorithm would change it sufficiently and if you use one that does encryption correctly then each encipherment, even with the same key, would result in a different file. Plus since you are not actually interested in securing the file you could include the password as the filename.
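
A worked model of the deduplicated store the comment above reasons about, added here as an example and not code from the original post or from any real mail provider: clusters are content-addressed, a second upload of the same file stores nothing new, a court-supplied copy can be matched cluster-by-cluster (with a threshold to tolerate a one-bit edit, which changes exactly one cluster hash), and the single stored copy can be expunged. It also shows the evasion the comment mentions: running the file through zlib realigns every cluster so nothing matches. The 4096-byte cluster size, the class and helper names and the constructed 40 KiB sample are assumptions of this example.

```python
import hashlib
import zlib

CHUNK = 4096   # assumption: fixed cluster size; real stores may use variable-size chunking


def chunk_hashes(data: bytes) -> list:
    """Content hash of every fixed-size cluster of `data`."""
    return [hashlib.sha256(data[i:i + CHUNK]).hexdigest() for i in range(0, len(data), CHUNK)]


class DedupStore:
    """One physical copy per distinct cluster, plus a table of who references it."""

    def __init__(self) -> None:
        self.chunks = {}     # hash -> bytes, stored once however many messages hold it
        self.owners = {}     # hash -> set of (account, message_id)
        self.messages = {}   # (account, message_id) -> list of cluster hashes

    def upload(self, account: str, message_id: str, data: bytes) -> int:
        """Store an attachment; returns how many clusters were actually new."""
        new = 0
        hashes = chunk_hashes(data)
        for h, offset in zip(hashes, range(0, len(data), CHUNK)):
            if h not in self.chunks:
                self.chunks[h] = data[offset:offset + CHUNK]
                new += 1
            self.owners.setdefault(h, set()).add((account, message_id))
        self.messages[(account, message_id)] = hashes
        return new

    def holders_of(self, reference: bytes, threshold: float = 1.0) -> dict:
        """Messages whose still-stored clusters cover at least `threshold` of the
        reference file's clusters (1.0 = exact cluster-for-cluster match)."""
        ref = set(chunk_hashes(reference))
        result = {}
        for key, hashes in self.messages.items():
            present = {h for h in hashes if h in self.chunks}
            matched = len(present & ref) / len(ref)
            if matched >= threshold:
                result[key] = matched
        return result

    def expunge(self, reference: bytes) -> set:
        """Delete the single stored copy of each of the reference's clusters;
        returns the messages that referenced any of them."""
        affected = set()
        for h in set(chunk_hashes(reference)):
            if h in self.chunks:
                del self.chunks[h]
                affected |= self.owners.pop(h, set())
        return affected


def flip_bit(data: bytes, bit: int) -> bytes:
    """Copy of `data` with one bit inverted (the 'single bit changed' case)."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def sample_file() -> bytes:
    """Constructed 40 KiB of incompressible test data: exactly 10 clusters."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(1280))


if __name__ == "__main__":
    store = DedupStore()
    original = sample_file()
    print("alice stores", store.upload("alice", "m1", original), "new clusters")
    print("bob, one bit flipped, stores", store.upload("bob", "m2", flip_bit(original, 12345)))
    print("carol, zlib'd, stores", store.upload("carol", "m3", zlib.compress(original)))
    print("holders at 80% match:", store.holders_of(original, threshold=0.8))
    print("expunged from:", store.expunge(original))
```

Bob's copy differs in one cluster and still matches at 90%, so a percentage threshold catches it; Carol's compressed copy shares no cluster hashes at all, which is the point the comment makes about defeating deduplication without anything fancy.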
