Slashdot Mirror


User: Kjella

Kjella's activity in the archive.

Stories: 0
Comments: 19,363

Comments · 19,363

  1. Re:Um, on TrueCrypt Audit Back On Track After Silence and Uncertainty · · Score: 2

    Maybe the first clue should be the "other encryption tools" they urged people to use? "Don't use this open source tool, use a closed source tool from Microsoft located in Redmond, Washington, US - home country of the NSA." You can not take that message seriously, it's so absurd that the only purpose of it would be to utterly destroy their credibility. So far we're in agreement. There are three cases where they might do that:

    1. There is already a backdoor and they've been under a gag order for years, but decided to release a "canary"
    2. There is already a backdoor and they first discovered it when they released their "canary"
    3. They were being pressured to include a backdoor and instead released a "canary"

    The first one seems highly unlikely, why come with this out of the blue two years after their last release? And if you're going to take the flak for violating a NSL or such, why not come forward as a hero instead of anonymously disappearing into a federal prison? It doesn't make sense. The second one doesn't either, if you're not under a gag order why not publish the backdoor and fix? Why go out in an ominous "you really shouldn't use our software" way? And the likelihood of them finding it in software they're hardly touching and haven't made a release of in two years also seems really slim.

    The third possibility makes perfect sense though. The software from 2012 is fine, we're being pressured in 2014 to make a new and compromised version. We can't tell who'll take over our domain/keys and what they'll do after we've been silenced, so we're releasing a canary to make sure nobody will trust anything we say from now on. Hopefully the audit will clear 7.1a of any suspicion leaving the general public with a "last known good version" while we keep our integrity and don't wind up in prison.

  2. Re:Hmm? on TrueCrypt Audit Back On Track After Silence and Uncertainty · · Score: 2

    That isn't an either-or thing, more like belt and suspenders. Having crypto-experts review it reduces the risk of subtle compromises going unnoticed, having the general public review it reduces the risk of the reviewers being compromised. To be honest though, I feel the value of a crowdsourced review would be really low. I expect an NSA backdoor to be subtle and highly unlikely to be found by a casual review by developers not particularly specializing in security and code audits. On the other hand it can't harm, all it takes is one man getting "lucky", if you want to be that man the code is open for everyone to look at.

  3. Dismissing all data protection laws on Federal Court: Theft of Medical Records Not an 'Imminent Danger' To Victim · · Score: 3, Interesting

    Although it is alleged that St. Joseph's failures "proximately caused" these injuries, the allegation is conclusory and fails to account for the sufficient break in causation caused by opportunistic third parties. The injuries, to the extent that they meet the first prong, are "the result of the independent action of a third party" and therefore not cognizable under Article III.

    1) Company leaks your data
    2) Third parties abuse your data
    3) You don't have standing to sue company, because you've been harmed by third parties.

    Who else would have standing to sue except for the people whose data is being protected? This is basically saying nobody has standing and the law is null and void. This judge should rule the Snowden trial, if there ever is one. He'd dismiss all charges because the US government would lack standing, they haven't been harmed by Snowden's actions only the actions of independent third parties acting on his information. That's a clear break in causation, don't you agree?

  4. Re:'Programmer' working with live data? on Scotland's Police Lose Data Because of Programmer's Error · · Score: 3, Informative

    Very convenient, and of course we all know programmers develop their code on the only copy of a live database (of which there are no backups)...

    I know of at least one project from my former life as a consultant where that happened, the production server was available and being set up to match development for the first release, then it kinda just rolled into production without anyone notifying IT so all the production monitoring, backups etc. was never turned on. They were not happy when they eventually found out many months and many, many manhours of production data later, but fortunately nothing bad happened in the meantime. Or another project I was on, where finance had kinda built their own system outside IT that they de facto used for reporting but wasn't supported in any way. If you haven't seen it happen, be grateful.

  5. Re:Class action lawsuit ? on How NSA Spies Stole the Keys To the Encryption Castle · · Score: 4, Insightful

    So if somebody breaks into your house, steals your car keys and proceeds to run somebody over they should sue you for manslaughter? Because you know you could have put those in a safe inside a vault inside a bunker and not in your spare pair of pants. No, what you describe is pretty much the reason the US legal system is what it is and having a ton of good lawyers on staff is a necessity. And it wouldn't really stop the NSA anyway.

  6. Re:How is this even remotely legal? on How NSA Spies Stole the Keys To the Encryption Castle · · Score: 4, Insightful

    "We are the law."

  7. Re:really? on Delivery Drones: More Feasible If They Come By Truck · · Score: 1

    How is this better than the driver getting out of the truck, walking up to your front door, and putting the parcel down.

    Well from the description of autonomous mid-flight and dedicated landing crews it seems their main idea is delivering many packages while the truck is moving slowly through the area launching new deliveries coming into range as finished ones come in. I have my doubts about flying drones as the last mile delivery vehicle though, they'd probably do better with a small fleet of rolling drones travelling at under 10 km/h along pedestrian walkways - that will let you escape a lot of regulation around here, they can hold on to the package until they get a signature/payment and depending on type they can probably cross most terrain you'd come across as long as they don't run into the street. Except for brats tipping them over, but I suspect flying drones will get their share of harassment. And the nearby truck could always be called in to assist if there's some kind of problem.

  8. Re:someone explain for the ignorant on Credit Card Fraud Could Peak In 2015 As the US Moves To EMV · · Score: 2

    One problem with C&P is the "offline PIN" mode which doesn't exchange data with the bank. In the UK, at least, the consumer is liable for any fraud with a C&P card as it is assumed that if the PIN was entered correctly it was by the cardholder.

    Fairly sure this is not so in Norway, liability is put on the merchant because they are the only ones who can invest in systems to bring and keep terminals online. Even waiters at the table generally have online wireless terminals for this, apart from one bus company that apparently hasn't updated their terminals in ages, a few old parking meters and a few remote cabins selling coffee and snacks to cross country skiers it's all online. I've used it if their line is down, but then it's in their interest to fix the line and get the sales validated ASAP. Particularly many teens only have VISA Electron, if it's not online they can't pay at all, no backup for them.

  9. Re:And so Linux has become a boring mess... on Torvalds: "People Who Start Writing Kernel Code Get Hired Really Quickly" · · Score: 1

    Well, I guess that opens a philosophical discussion of whether writing device drivers counts as "kernel coding" at all.

    Well, kernel-space drivers have the ability to poop all over the system so I'd say being able to write those without people yelling at you indicates some skill. Doing a little tweak so your obscure USB webcam that is 99% similar to all the other webcams work probably not so much. Though if all you're looking for is a one-liner to get your name on the list that might not matter much, I did run into a crash bug on a -rc1 kernel that was simply a missing description causing a null pointer kernel panic but unfortunately I was a few hours short of being the first one with that exact device ID and a patch. Just for the "kernel hacker" title.

  10. Re:so on Obama Says He's 'A Strong Believer In Strong Encryption' · · Score: 1

    "leaving law enforcement a way in" like a warrant?

    In case you haven't noticed a warrant is a piece of paper and not a very magical one at that. If all they have is an encrypted phone and Apple/Google/Microsoft says "Sorry, we don't have a backdoor. The only way to decrypt it is with the correct PIN and after 4 wrong tries it'll wipe itself." they can wipe their ass with it. At least until they do an end run around the 5th amendment and introduce some RIPA-like legislation in the US, if you have encrypted data and can't/won't decrypt it you go to jail. Or just face contempt of court charges forever, not sure if they can already do that or not. Or Gitmo and waterboarding as a terror suspect or something if you're not from the US.

    I guess you might say that this is already a problem with full disk encryption, GPG for communication and so on and that's probably true. But they really, really don't want that to be something the everyday user uses. They like their warrants, which is why they don't like unbreakable crypto. At the same time they don't want everybody else spying on US citizens, corporations and governments so they want unbreakable crypto. Since they can't eat their cake and have it too, they're looking for crypto only they can break.

    Of course the ugly part is that the rest of the world is exactly the same, the Chinese want to be able to spy on everybody but they don't want everybody to be able to spy on China. And that means the idea of a government-mandated backdoor is going to have a really hard time to fly in a global world, what happens if I take my work laptop to the US for a business meeting? Either you must say I can't because it doesn't have the proper backdoors or the whole idea of "recoverable" backdoors disappears in a puff of smoke.

  11. Re:Wait till the time is right? on Another Star Passed Through Our Oort Cloud 70,000 Years Ago · · Score: 1

    Sure. If we want to wait tens, hundreds, thousands or millions of centuries before something comes close enough. And then we have to hope that it's something useful and habitable.

    And the last part is pretty huge too. Unless we're seriously going to up our game on planetary terraforming we have some pretty specific requirements for gravity, temperature and magnetic field so the atmosphere and surface water isn't stripped away by the local star and bombarded with radiation if we want another "normal" earth where we can eventually walk around outside. Composition of atmosphere too, though CO2 concentration is not that much of a problem as we have algae that'll grow in 100% CO2 and convert it to oxygen if everything else is right.

    For all the challenges of interstellar space travel it'll probably still be a better choice to find the right planet rather than wait for the planet to come to us. Assuming we go with embryo space colonization going the extra mile might not make that much of a difference as it'll be basically frozen in time flying through space, only the power source and the computers have to last that much longer.

  12. Re:Moving to a future where you pay for freedom on Privacy: the 21st Century's Newest Luxury Item · · Score: 1

    Getting things done without giving up your privacy is more complicated. e.g How do you get merchants to ship stuff to you without giving up your home address? You have to rent space at a mailbox store, which can act as a proxy to accept your packages. That complication incurs additional cost which someone (i.e. you) has to pay for.

    Actually this one would be trivial to solve at negligible cost if the delivery company would provide the proxy address service. You enter your real address on the delivery company's site, they give you a proxy indicating the right area for shipping cost/tax/fulfillment purposes which you can give to the merchant. They ship it, the delivery company scans the code and deliver it to your house.

  13. Re:Technology can NOT eliminate work. on What To Do After Robots Take Your Job · · Score: 1

    It's not that we're running out of jobs, it's that the bar for being a productive worker keeps raising. Just 100 years ago you could hand someone a saw and an axe and tell them to make firewood. 50 years ago they'd get a chainsaw and cleaver. Today huge logging machines produce firewood cheaper than we could do paying ourselves minimum wage. Operating such a logging machine requires far more qualifications than swinging an axe, while the simple way of doing it has lost economic value to society.

    We're seeing shortages of highly qualified professionals and intense competition for low-threshold jobs like taxi drivers, store clerks and warehouse workers. Why don't they become doctors, engineers and such? Maybe because it's not that easy for everyone. And we're working hard to eliminate those positions, for example here is a production robot warehouse of a big electronics supplier here in Norway, forward to 1:45 to see the actual robots. This is not a simulation or sales pitch, that's their actual warehouse system.

    I don't have to tell you there's a ton of work going on to make autonomous cars. Retail is increasingly threatened by e-tail and self-service systems like these reducing staff there as well. A friend of mine works in construction, the new trend is modular houses where they more or less come off the assembly line. Maybe a few of them are creative and can make money off design or art. Maybe a few have physical talents and can go into sports. Maybe a few lack opportunity, but I really doubt that since we have free public universities.

    On the flip side though we have healthcare, they claim with an aging population we'll need a lot more doctors, nurses and various other support functions for the elderly and that we'll be short of work. It sounds a little like canceling global warming with nuclear winter, but I'm not sure we'll actually run out of work no matter how much you have robo-farms with robo-trucks delivering groceries to robo-shops all by themselves. At least until we can provide a robo-nurse, but we don't have remotely the kind of technology for that.

  14. Re:Real Chess Players... on When Chess Players Blunder · · Score: 1

    Ok, that was a new term to me, so I dusted off my Wiki and found it is a term for Bishop in just three languages/cultures, with the predominant one being Russian.

    Actually it was a mistranslation from Norwegian where "offiser" = officer in English refers to any non-pawn piece, I don't recall if I was a knight or bishop down or I'd have said so. Apparently the correct way of saying that in English is to say I was a piece down according to meaning three here.

  15. Re:Thought process on AT&T To Match Google Fiber In Kansas City, Charge More If You Want Privacy · · Score: 4, Insightful

    How does this (from TFA):

    AT&T says it tracks "the webpages you visit, the time you spend on each, the links or ads you see and follow, and the search terms you enter... AT&T Internet Preferences works independently of your browser's privacy settings regarding cookies, do-not-track, and private browsing. If you opt-in to AT&T Internet Preferences, AT&T will still be able to collect and use your Web browsing information independent of those settings."

    equal this:

    Technical information collected from the use of Google Fiber Internet for network management, security or maintenance may be associated with the Google Account you use for Fiber, but such information associated with the Google Account you use for Fiber will not be used by other Google properties without your consent. Other information from the use of Google Fiber Internet (such as URLs of websites visited or content of communications) will not be associated with the Google Account you use for Fiber, except with your consent or to meet any applicable law, regulation, legal process or enforceable governmental request.

    The last blurb just makes it clear that Gmail's terms of service apply when you use Gmail, this doesn't supersede any other agreement. And if you use Hotmail or Yahoo or your own email server Google won't collect any information on you, but AT&T will.

  16. Re:Real Chess Players... on When Chess Players Blunder · · Score: 3, Interesting

    That's different, in poker you bluff when the probabilities are such that your opponent will lose calling you in the long run. In chess you're creating an objectively worse but more complicated position in the hope that your opponent doesn't have the skills, time and preparation/experience to play it optimally. I rarely do it when we're even, but I've gotten better at doing it when I'm behind.

    I remember one game in particular where I'm an officer down (-3) so I sack a few pawns (-3 + -2 = -5) to make his king open for attack, but it managed to set up a Q+R combo that he couldn't see a better defense against than sacrificing his queen for my rook (-5 +9 -5 = -1) and with Q vs exposed king I was able to eat a few more pawns and eventually go on to win the game. I did a computer eval on it and at worst it claimed my position was -8 as after the pawn sacks I'd lose another officer by force.

    But I won. If I'd just play passively trying to make my -3 position not worse he'd probably quietly swap pieces one by one until it was a winning advantage. I know I sometimes create such traps against significantly lower rated opponents, I know the threat is possible to defend against but why not see if he recognizes it because if he doesn't it could be an easy win. To genuinely outplay someone where they don't make any significant blunders is certainly possible but easy wins count as much as the hard ones.

  17. Re:This whole thing is a disaster waiting to happe on Mars One: Final 100 Candidates Selected · · Score: 1

    And that has always been what baffles me about this ... how is it even legal?

    Well, so far they haven't actually put people at risk, they're free to claim that they will be able to send people to Mars safely in the future as theoretically that may be possible. I'm sure they've got the necessary loopholes that if they can't actually offer you the alleged trip they owe these candidates nothing too, so nobody has a valid fraud claim. Don't worry I'm quite sure this scam won't ever involve an actual rocket.

  18. Re:Sad but not surprised. on NVidia Puts the Kibosh On Overclocking of GTX 900M Series · · Score: 2

    That seems fair. Screwing companies out of money should be the customers default position. After all, the companies' default position is screwing money out of its customers.

    So you think you should shoplift as much as possible from grocery stores? Hint: They'll just all increase prices to make you pay more, the only ones who win are sellers of anti-shoplifting devices, cameras, guard companies and such. Same thing with illegitimate returns, the only thing his buddy is doing is pushing the cost of his own fuck-ups over on everybody else.

  19. Re:They haven't learned the lesson. on Valve Censoring Torrent References In Steam Chat · · Score: 3, Informative

    How many times do we have to teach idiots the lesson?

    1. Create a service.
    2. It gets popular.
    3. Apply heavy handed censorship.
    4. The Streisand Effect causes the censored items to propagate further (see: TFA)
    5. Lose the damn service by hemorrhaging users due to bad press.

    This day and age the profit step is Zeroth, gotta have money already to build popular platforms now.

    The story goes more like this:
    1. Create a service based on user supplied content, everything from YouTube to TPB.
    2. It gets popular because of illegally shared content, since most people ignore copyright law.
    3. You get big enough to get noticed and they threaten you with very expensive lawsuits
    4. You apply heavy handed censorship to keep them from putting the thumbscrews on you
    5. Discover that your users are fleeing while the copyright goons are never happy.
    6. Service collapses from dwindling income, high legal costs and closes doors.

    The only exception is if you get bought out by someone with deep enough pockets, like when Google bought YouTube. I don't see Steam having the same problem though as they deliver games from publishers, who pick the channels they'd like to publish through. I expect that soon torrents will be known as t0rrents on Steam Chat and the world will carry on as before.

  20. Re:Norway on Japan Now Has More Car Charging Points Than Gas Stations · · Score: 1

    It really doesn't make sense to compare Norway to anything else because our car taxes heavily penalize muscle cars while EV cars are tax free, creating a unique environment where the Tesla is cheap-ish. For example in the US the cheapest Ford Mustang has a MSRP of $23,800 and the Tesla P85D is $98170 after the $7500 tax credit. In Norway the same Ford Mustang costs 739000 NOK = $97336 and the Tesla P85D 768200 NOK = $101182 at current exchange rates and due to additional incentives it's actually cheaper. And the biggest engine Mustang, a $41800 car in the US costs 1279000 NOK = $168461 before extras.

    Everywhere but here the Tesla is a rich man's toy. Here a lot of the middle class who'd like a muscle car but has been put off by our insane car taxes settling for a normal family car in the $50-60k range have figured this is their one chance to own a sporty car on a normal budget and gone for a Tesla. I've even considered it myself because I know this is a political loophole - basically a very broad long term agreement to push EV vehicles at a time when there was nearly none, running to 2017 that nobody wants to take the political fallout of backing out of even though it's been vastly more successful than anybody had anticipated.

  21. Re:Software "done", on Wayland 1.7.0 Marks an Important Release · · Score: 1

    Software "done", but neither tested nor documented yet. So, what do we have then? Shipped 1.7.0 because it compiled?

    Protocol done, nobody said the implementation was done except you so crawl back under the bridge.

  22. Re:Remoting status using Wayland? on Wayland 1.7.0 Marks an Important Release · · Score: 1

    Just to be clear, are you asking about Microsoft's Remote Desktop Protocol working with Wayland?

    Well it's originally based on an ITU-T recommendation, there are open source client implementations for most of it so yes. And from what I gather it's supposed to work but I haven't tried it.

  23. Re:Our local time capsule... on Vint Cerf Warns Against 'Digital Dark Age' · · Score: 2

    Well, luckily the trend has been away from tying one specific format to one specific media. Instead of the Audio CD you can have an MP3/OGG/AAC file that'll play from a HDD, SSD, USB drive, burned to a CD, DVD, BluRay, stored on a tape and so on. That eliminates the need for ancient equipment and media. Of course that doesn't really make it any easier for a time capsule, but the way to preserve is to copy forward. Along with integrity checking those photos you take today can be just as pristine in 100 years, unlike the photos of me as a kid. Maybe you could do better from negatives but the paper copies are all washed out and terrible after 30 years. And I doubt you'll have trouble finding a JPEG decoding library even if the RAW format has been lost in the mists of time.

  24. Re:Don't plead guilty on MegaUpload Programmer Pleads Guilty, Gets a Year In Prison · · Score: 1

    Shit a friend of mine had [a public defender] and when he sat down with her she hadn't even bothered to look at his case.

    Well, if they get a fixed number of hours per case and reading the case file would come out of that, I'd be inclined to do the same as reading legalese takes time even for a lawyer. Just to get the gist of:

    a) Why are you here?
    b) What are they charging you with?
    c) What evidence do they have?
    d) What do you want to do?

    From what I understand they get a lot of people who have been caught fairly red-handed and who are basically looking for leniency, far from everybody has a case worth going to trial over so if you get past the first filter of possibly having a case either due to the facts or the law, then they'd start reading. I'm pretty sure that's how I'd do it, unless I actually had spare time to read cases up front. Something tells me that's rare.

  25. Re:Do we need 8K, except for special purposes? on VESA Embedded DisplayPort 1.4a Paves Way For 8K Displays, Longer Battery Life · · Score: 2

    What you really need to know is this: Cinemas *at best* have DCI 4K, which has essentially the same resolution as UHD (4096x2160 theoretical, 3996x2160 actual for 1.85:1 and 4096x1716 for 2.39:1). Do cinemas - that can project a wall full with extremely expensive projectors - look pixelated to you? No? Then you don't need 8K.