
Comment Re:So basically.. (Score 5, Insightful) 179

What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

While I'll grant that you're partially justified by the ridiculously bad summary, your takeaway is dead wrong.

First, having just skimmed through the article and the (very interesting!) paper, let me point out why the summary is ridiculously bad. Chaum's protocol does not include a backdoor, and certainly not "just to please governments".

What Chaum did was to describe a really cool anonymous routing and communications protocol, with a number of highly desirable properties. The biggest one is that his protocol is designed to be secure against nation state access, unlike Tor. It should also be quite a bit faster than Tor because communications require no public key cryptographic operations; everything is done with very-fast symmetric crypto, building on top of a precomputed homomorphic encryption. Making this scheme work, though, depends on the existence of a trusted third party (TTP).

In general, relying on a TTP is problematic in contexts where there isn't any obvious person or organization who could be trusted. And for a global communications network that will be used by lots of people and which many governments might like to penetrate, and which in fact is specifically focused on trying to prevent penetration by nation states, there clearly exists NO such single party.

Chaum's solution to the problem of how to trust when no one is trustworthy (a common problem in security design, actually) is to distribute the trust (a common solution, though Chaum's implementation is particularly clever). By arranging things so that the TTP role is spread across many different nations, each of which is fairly trustworthy except in particular areas, and selecting those nations so the areas in which they're untrustworthy are different, and designing the cryptography so that any abuse of the TTP role requires willing participation of 100% of said nations, it may be possible to construct a TTP which is trustworthy in the aggregate, even though no individual member is fully trustworthy.

This is a very clever solution to what I would have said is a completely intractable problem.
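The 100%-participation property described in the comment above can be illustrated with n-of-n XOR secret sharing. This is an added example, not part of the original comment and not Chaum's actual construction; the five-party count, the sample key and every function name are assumptions made for illustration.

```python
import secrets
from functools import reduce
from itertools import combinations


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def combine(shares) -> bytes:
    """XOR a collection of equal-length shares together."""
    return reduce(xor_bytes, shares)


def split_n_of_n(secret: bytes, n: int) -> list:
    """Split `secret` so that all n shares are needed to rebuild it."""
    if n < 2:
        raise ValueError("need at least two parties")
    # n-1 shares are uniformly random; the last one is chosen so that
    # the XOR of all n shares equals the secret.
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, secret))
    return shares


def proper_subsets_that_recover(secret: bytes, shares) -> int:
    """Count coalitions smaller than n whose combined shares equal the secret."""
    hits = 0
    for k in range(1, len(shares)):
        for subset in combinations(shares, k):
            if combine(subset) == secret:
                hits += 1
    return hits


def share_explaining(candidate: bytes, held) -> bytes:
    """Return the missing share that would make `candidate` the secret.

    Such a share exists for every candidate, so a coalition missing one
    party cannot rule out any possible secret.
    """
    return xor_bytes(candidate, combine(held))


if __name__ == "__main__":
    key = bytes(range(32))            # constructed sample key
    parts = split_n_of_n(key, 5)      # five hypothetical operators
    print("all five recover key:", combine(parts) == key)
    print("smaller coalitions that recover it:",
          proper_subsets_that_recover(key, parts))
```
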

Comment Re:we all get what most of us deserve (Score 1) 406

You present it as though there were a choice. As internet access spread beyond a small number of geeks (and people started to buy stuff via the internet) then adverts began to appear in earnest and what you describe is more or less inevitable.

This is true, it was inevitable, but you give the wrong reason.

Telling people (at least the non-tech "general public") not to use sites that have advertising is akin to telling them not to use the web at all. When a platform becomes as widely used and powerful as the web then it inevitably becomes of interest to the rich and powerful who wish to control it.

No, the reason advertising was inevitable on the web has nothing to do with class warfare.

The real reason is that while it's practical to self-fund a small server in your basement, dorm room or university computer room that can serve static or semi-static content to a small population of users, it's an entirely different proposition to build and operate infrastructure capable of serving dynamic information to a billion users. Doing the latter requires tens of billions of dollars of infrastructure and billions of dollars of annual operation expenses.

Scaling the web up to where it could serve the entire population of the developed world, as it does now, required lots and lots of money. Where was that money going to come from? It ultimately had to come from the users, and there were really only two obvious ways for that to work: subscriptions or advertising. A subscription-based approach would have either placed barriers all over the web that made its core feature -- hyperlinking -- nearly useless, or else required the establishment of some sort of enormous micropayments system. But micropayments suck in all sorts of ways. I won't go into why because that's another (lengthy) post.

Advertising, however, has long proven to be the ideal way to fund large-scale mass media infrastructure. It made inexpensive newspapers possible, and then paid for free radio and television broadcasts, paying for armies of reporters and tens of thousands of local radio and TV broadcast stations. It works even better in the case of the web. It scales beautifully with the size of the audience, adds no friction to cross-site links and enables the economic creation and distribution of all sorts of mass-market content and services. Further, on the web it's possible to do targeted advertising, which increases the revenue potential and therefore decreases the amount of advertising necessary to fund the web (if you think there's a lot of advertising on the web now, be glad you're not seeing what it would look like without targeting).

Advertising also sucks. It gets in the way of the content that users are actually seeking. Advertisers devise and implement various tricks to make their ads more prominent than others, and more prominent than the content it's bookending. On TV, for example, ads are louder than most programs. Users develop schemes to avoid having to see the unwanted advertising content, and advertisers find ways to thwart these schemes. On the web, it's potentially even worse because of the possibility of malware getting inserted into advertising channels. And targeted advertising creates privacy concerns.

BUT the servers have to be funded somehow, and the old web model of donated equipment and bandwidth simply can't serve the entire population. And while advertising sucks, it sucks much less than the other alternative funding mechanisms.

So, advertising is inevitable. And given that there's a big money hose, it's then inevitable that the rich and powerful will be looking to find ways to siphon some of that money off for themselves. But that's an effect, not the cause, of advertising on the web.

Comment Re:Bad research (Score 1) 274

That is a classic justification mechanism for crazy morons in denial. There are tons of studies on this subject, with contradictory results (as is usual for medical studies with a political component). Sure, you can pick just the few percent of studies that you agree with, but that doesn't mean you aren't a biased moron.

So far, we're pretty confident of the following:

1) Alcohol consumption correlates with lower mortality
1a) But people in at-risk groups drink less, including poor, extremely unhealthy, and teetotalling ex-alcoholics.
2) Alcohol improves on some health markers
2b) But makes others worse.
2c) Which probably makes alcohol's cost/benefits dependent on other things, such as whether you have heart disease.

I think the clearest conclusion we can make is that the effect of light to moderate alcohol consumption on health is very small. It may be positive, negative or neither, and perhaps we could identify specific populations in which it has larger effects, but overall it's negligible. However, this only applies to light to moderate consumption; heavy consumption is clearly very bad for you.

(And before the AC calls me out for being an alcoholic in denial, I'll mention that I'm a non-drinker. I've never consumed an alcoholic beverage in my life.)

Comment Re:Sweet (Score 1) 126

Unlocking the bootloader and flashing a ROM requires a backup, wipe, and restore. What's the easiest way for a user to be sure that a backup tool downloaded from Google Play Store actually saved everything in a way that it can restore?

What apps do you use that need to be backed up? Games, I suppose... if you care about having your progress saved.

Personally, I don't worry about backup/restore. When I reflash, or get a new device, I just start clean. Pretty much everything I'd care to back up and restore is synced to the cloud anyway, so it just shows up. Android Marshmallow made it particularly slick the most recent time. It asked if I wanted to restore all my apps and stuff from my old phone and it did an outstanding job. Nearly everything was automatically installed and it even laid out my home screen and set my background. It still took a few minutes to set up a few things, and then for a while I was having to log into various apps the first time I used them, but all in all it was quite painless.

I suppose if you turn off all of the cloud backup options then it would be a different story.

Comment Re:Android security? lol! (Score 1) 126

You mean your 4 year old phone that you bought while Google had a published 2 year (from first sale) major update, 3 year (again, from first sale; or 18mo from last sale in the Google store) security update policy? If you're claiming you didn't know what you were buying, that's on you.

To be fair, Google didn't have an official support policy for Nexus devices when the Galaxy Nexus was released. In fact, Google didn't have such a policy until August 2015. It was understood previously that devices would get updates for a couple of years, but there was no specific commitment.

Actually, it seems that official update policies for mobile devices are a new idea. AFAICT Google's was the first, and I don't know that any other company has yet matched it. That includes Apple -- though in practice Apple usually supports devices for longer than 2-3 years.

(Disclaimer: I'm a Google Android engineer, working on the Android security team. I'm speaking for myself, though, not for Google.)

Comment Re:Well of course ... (Score 1) 113

And you don't get to whine if people stop buying your products because they can't trust you anymore.

Why the hell not?

If my government is damaging my business, against my wishes, in order to spy on me (and the rest of the world), I'd damned well better not just whine but yell and shout. I suppose the "you" in your statements was intended to refer to the US as a whole, but the US as a whole didn't do it and isn't on board with it. Unfortunately, a lot of voters who don't understand the issues and are afraid of brown people are on board with it. That just means those of us who do understand need to educate them.

Fortunately or unfortunately, depending on your perspective, "we're losing billions of dollars every year because the world won't buy our goods and services because the NSA has been piggybacking spyware on them" is an argument said voters will understand. Once it gets bad enough.

Comment Re:How is this a story exactly? (Score 1) 113

Every governmental agency can legally force domestic companies to include a backdoor and keep their mouth shut about it.

Cite? Under what law?

Note that National Security Letters do not provide the power you mention. NSLs are restricted, by law, to requests for metadata about communications that the target possesses. Court orders have few limitations, but judges tend not to issue the sort of open-ended, unrestricted order that would be required for what you describe (the Lavabit story is famous because it's exceptional, not because it's normal).

Comment Re:expectation? (Score 1) 344

Then again, what if Apple decided people would be unhappy with the speed on iOS 9 so they decided to limit it to iPhone 5? I bet the same people grumbling about this issue would be grumbling about Apple's forced upgrades.

If they would let people downgrade OSes (or even if they didn't go out of their way to prevent people from downgrading the OS), then it wouldn't be a problem at all.

That would create security problems, or maintenance problems, take your pick. It would also create fragmentation.

If Apple allowed downgrades, then users would downgrade their phone OS to older versions with known vulnerabilities, and people would complain about Apple not backporting security fixes to the older versions.

If Apple did backport security fixes, then they'd be forced to maintain many different versions of their OS. Actually, they probably do already maintain multiple versions, for different hardware versions, but backporting bugfixes would multiply the versions they'd have to manage. Doable, but a big drain on scarce engineering resources.

And then there's fragmentation. By and large iOS app developers don't have to deal with writing for many different versions of iOS, specifically because Apple keeps essentially the entire iOS device base on the latest release.

Comment Re:Decline doesn't mean death. (Score 2) 325

For example?

Here, let's try this. I used Wikipedia:Random to grab 20 random articles. Can you (or someone else) provide corrections for the majority of them? Or any of them? (Aside: Wikipedia:Random gives a fascinating glimpse into the extreme breadth of Wikipedia topics.)


FWIW, my perception is that -- as found in the Nature study a few years ago -- Wikipedia is as good as any other encyclopedia in terms of accuracy, and blows every other encyclopedia in the world away in terms of breadth and depth. Nearly all of the controversy over editing and accuracy is really confined to a small subset of articles which are related to current events or currently-controversial topics. Editors are a little quicker on the "revert" trigger than they should be, but I've found that by providing references and being a little bit persistent (and trying to write reasonably good prose) I can always get corrections in when I see problems. Not that I often see problems in the topics I tend to look up.
