Slashdot Mirror


User: HiThere

HiThere's activity in the archive.

Stories
0
Comments
17,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 17,789

  1. Re:Excuses, excuses, excuses ! on Linus Responds To RdRand Petition With Scorn · · Score: 1

    Yes, but even if it's not a good source of entropy, it can be combined with other sources of entropy, and the combination, if properly done, should be stronger than either.

    OTOH, I'm not someone who either has or claims to have that kind of skill.

  2. Re:you have the source on Linus Responds To RdRand Petition With Scorn · · Score: 1

    That's NOT the entire point. One of the points, but not the only one. Let's not lose perspective here.

    So what's going on is that Linus isn't convinced that this is a problem that needs fixing. And because of this he isn't going to do so. Maybe he's right, maybe he's wrong. Certainly many people could make the change if they wanted to. Red Hat certainly could, and probably would if they though their customers wanted it. Debian could, and probably would if they were convinced their ideals demanded it. Ubuntu could. Probably SUSE. Maybe even Slackware. Convince any one of those, and you'll get a distro that implements that decision. But they are demanding that Linux make this change at the root of the tree...and NONE of the groups I mentioned have been convinced.

  3. Re:What's a spy antanna look like? on German Federal Police Helicopter Circles US Consulate · · Score: 1

    That brick wall is questionable. Antennas need to be conductive. You could, however, probably hide an antenna *within* a brick wall.

  4. Re:Obama ist kein Berliner ... on German Federal Police Helicopter Circles US Consulate · · Score: 1

    Things are a bit different than you realize. Now the news is centrally owned. If a story appears that is politically undesirable, ALL the major news media downplay it. During the VietNam era, citizen protests were heard. Now...well, they aren't suppressed physically any more harshly, but just about nobody hears about them...which makes them rather pointless. During the VietNam era a comedian could stage a mock campaign for president on TV. Today, that's just not feasible. ETC.

    When news is managed, you don't really need to manage actions tightly. And when you do, you can suppress people hearing about it. If the local police abuse their power and use tasers to torture someone, and then shoot him to death, you hear about it locally. Not nationally...unless it makes a point that the powers that be wish to be made. During the 1960's-70's an equivalent, or even a less brutal act, would be likely to be heard nation-wide. (Think Medgar Evers.)

    No direct comparison is possible, and this doesn't speak directly to foreign policy anyway, but the news is much more managed now than then. (And a part of the reason for doing away with the draft is so that there would be less objection by citizens who were wealthy enough to manage to be heard.)

  5. Re:or hand it over to a bunch of amatuers... on German Federal Police Helicopter Circles US Consulate · · Score: 1

    In a plurality rules system, if there are only three choices, then a candidate can get elected with 33.333334% of the vote. (Well, yeah, it's unlikely. But voting for the minority party you support most is, in effect, a vote for one of the top two parties that is least like what you want to support.)

    This is why elections should require a majority. There are various such systems. None are perfect, but plurality rules is nearly the worst. My preference is for Condorcet Voting, but Instant Runoff Voting is much easier to explain, and so is probably a better real system. Basically you rank the candidates you find acceptable, and in each round the candidate with the lowest number of votes is eliminated. This is done with one actual vote (i.e., when you rank them). At the end of a round, if you top preference was for a candidate who has been eliminated, then your secondary (tertiary, etc.) choice is used instead when counting the votes. The rounds end when some candidate gets a majority.

  6. Re:Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    So you're saying "They do it too". OK. I agree with that. But that doesn't invalidate what I said.

    (OTOH, it is possible that this incident is why I remembered Airbus and Boeing in this context. Perhaps it was a different pair of companies.)

    I'm having a bit of trouble tracking down the origina incident that I was remembering, but I did find:
    http://www.economist.com/node/304958
    containing:

    The second accusation, that the Echelon surveillance system is now used for commercial gain, is particularly controversial and harder to prove. A report compiled last October for the European Parliament (which preceded the Campbell report) concluded that "there is wide-ranging evidence" that governments "utilise communications intelligence to provide commercial advantages to companies". It suggested that satellites used by telephone companies are monitored by sites in Britain, America, Canada, Australia and New Zealand, while cables under sea and on land, as well as microwave tower networks, are also tapped. Such monitoring is increasingly useful, because of the growing use of e-mail, faxes and the Internet by businesses to communicate. The Campbell report agreed that there is âoewide-ranging evidenceâ suggesting governments use spies to benefit companies.

    which suggests that my memory was not incorrect.

  7. Re:Is Google allowed to do this? on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    And THAT is why it can't be trusted unless it's Open Source. (There are other reasons why Open Source isn't sufficient, but it's a minimum requirement.)

  8. Re:Yes. Meaningless. on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    What you fail to understand is that most people on this board are unsikilled in politics, and are skilled in technology. If we try a political effort, are chances are small. Those who are skilled in politics will, we hope, be pursuing that endeavor. We are skilled technologically. Perhaps we can come up with some answer.

    It may not be a good hope, but it's a better chance than a geek going into politics. You play to your own personal strengths. Be aware of your weaknesses, and know yourself well enough to not trust your reactions in that area.

  9. Re:Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    I don't recall the exact reference, but there has been at least one instance where a European company found rather convincing evidence that US intellignece data was used to benefit a US company bidding against a European company. I believe that the European company was Airbus, which seems to imply that the US company was probably Boeing.

    That being the case, I believe he was lying.

  10. Re:ALREADY KNEW !! on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    Not necessarily. This could well be something secure against everyone but Google. Of course, if Google is able to decrypt it, they may be required to share the information with various governments, but perhaps they expect due recompense in some form.

    Nobody seem to doubt that Google will be able to decrypt it. That's not what "end-to-end" should mean, but that's what people seem to believe it will mean. And proving that this is wrong, if it is, will be quite difficult.

  11. Re:End-to-end on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    A valid poiint. The number of people who could reasonably be expected to detect weak cryptography is very small. It's still easier if they have the source available. But there's also the problem of ensuring that the program being run matches the source code that was inspected.

  12. Re:The relationship between Google and Uncle Sam on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    Unless it's an approach where Google CAN'T decrypt the information. And that requires proof, which is probably not available. At a minimum it requires Open Source, but you also need to be able to prove that the software being run matches the source that is offered. And unless there's a secure method of key exchange I don't see how this could possibly work.

  13. Re:You can't trust any mainstream Linux distro on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 1

    I don't know about currently, but in the past I believe that NO Linux system was secure. Think of a cross between login and rainbow tables.

    That said, I find it amazing that simple precautions that could be default aren't even easy. E.g., after the first failed login you need to wait 2 seconds before you can try again. Square the delay for each successive failure. (2, 4, 16, ... seconds) (It's still reasonable to log failures, but if you don't keep the penetration from happening, the log can just disappear.)

  14. Re: If it is off on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 1

    You mean "...what it is claimed that a TPM does." I doubt that anyone posting knows what it actually does. (Possibly someone reading here does.)

  15. Re:Ken Thompson, Anyone? on Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks? · · Score: 2

    If you're going to play it THAT way, then the exploits go back to assembler and every early digital computer. (Analog computers had different weaknesses.)

    But please remember that early Fortrans (e.g. IBSYS FORTRANII) discouraged using pointers at all. I will grant that they didn't check array bounds, but the location of the array WRT the rest of the program was not guaranteed, and was subject to being changed with different compiler options. I don't know COBOL well enough to really comment, but it's my impression that arbitrary use of pointers was even more difficult in COBOL than in FORTRAN. Don't know about variants like FARGO.

    Ken Thompson's exploit was different in nature, in that it required a more sophisticated compiler.

    P.S.: Many "C-ish" compilers from the early 1970's, e.g. Lifeboat-C for the I8008, came with source code in assembler, and compiled to assembler.

  16. Re:Asking them nicely will stop help? on Time For X-No-Wiretap HTTP Header? · · Score: 1

    While there is evidence that the CIA has extensive business interests that could support it independent of US funding (not only illegal drug trafficing, but also many legitimate businesses), I know of no such evidence WRT the NSA.

  17. Re:Asking them nicely will stop help? on Time For X-No-Wiretap HTTP Header? · · Score: 1

    When you talk about how democracy is supposed to work, you are corred. Many people do suppose that it works that way.

    At least as implemented in the US (and, AFAIK, in other countries) it doesn't.

  18. Re:idiots. on Yahoo Issues Its First Transparency Report · · Score: 1

    I'm sorry, but this doesn't feel like Yahoo telling as much truth as they are allowed. This feels like some kind of game. I'm just not sure WHAT kind of game. It could be that they want the government off their backs, it could be that they want to suppor the Republicans, it could be something else...and something else has a wide range of options.

    But it doesn't feel like straight reporting.

  19. Re:Outraged, how dare the government violate me. on Yahoo Issues Its First Transparency Report · · Score: 1

    Also, is there any particular reason to believe that they are telling the truth? Or that the person who put the report together would even KNOW the truth?

    That said, yes, this feels like some kind of PR play. Just what kind I'm not sure.

  20. Re:Question? on New Jersey Congressman Seeks To Bar NSA Backdoors In Encryption · · Score: 1

    Nah, it was in a US History class. But I did find it quite interesting.

  21. Re:Question? on New Jersey Congressman Seeks To Bar NSA Backdoors In Encryption · · Score: 1

    Actually, I believe the answer is yes. This is subject, however, to the House Rules, which are decided upon by the House itself. I believe this means the House Rules Committee.

    P.S.: This actually may no longer be true, but it was true around 1875 (plus or minus quite a bit). And I've never heard that it changed. In the actual case the Representative eventually resigned to allow the Governor to appoint a replacement for the benefit of his party.

  22. Re:well, shit on Most Tor Keys May Be Vulnerable To NSA Cracking · · Score: 1

    If you really want to secure Debian, you can. Of course it will take a bit of extra work. AND you will need to stop updating via apt-get. AND...

    There are many good reasons why end-user systems aren't secure against high-powered intruders.

    P.S.: You *ARE* aware that repositories don't validate the signatures as matching the owner's key aren't you? At least not for anyone who can get a CA signing authority to say the key is valid.

    Rule of thumb: Don't put systems you wish to secure on the internet. Use a separate computer, and transfer files to/from it by burning CDs. Even then make sure that none of the files transferred have executable content. In that case any stable version of Debian should suffice. Of course, if this *were* to become common practice, someone would probably find a hole in it, but it would be difficult without physical intrusion.

  23. Re:a billion dollars... on Most Tor Keys May Be Vulnerable To NSA Cracking · · Score: 1

    I doubt it. If they were, why would they need that quantum computer they're ordering. It probably (currently) takes them hours or days.

    OTOH, perhaps they just want to be prepared for the backdoors going away.

  24. Re:Tongue in cheek on Would You Tell People How To Crack Your Software? · · Score: 1

    I think you overstate a basically correct case. I doubt that commercial software is, on the average, less reliable that pirated software. Less useful seems more frequently to be the correct statement, if I judge things correctly.

    OTOH, as I use FOSS software almost entirely, this is a judgement formed by reading posts on places like Slashdot. So YMMV.

  25. Re:So I must be blessed on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    I'm not really convinced that it's good practice to change passwords frequently. They need to be long, unpredictable, and memorable. That makes good ones hard to come by. If they aren't memorable, they'll just be written down. In fact they'll NEED to be written down if you change them very often.