Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories
0
Comments
18,006
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 18,006

  1. Re:Disappearing data can't work on Five Alternatives To Snapchat · · Score: 2

    I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.

    Given the latter, why have hope for the former?

    Because "can't work in an absolute sense" isn't the same as "isn't useful". And having stronger key management will extend the range of utility by reducing the avenues of attack and increasing the scope of threat models under which it's secure.

    Of course, this still leaves open the problem of how to get people to understand the practical limits of the technology.

  2. Re:Blocked at work on Thank Goodness For the NSA — A Fable · · Score: 2

    E. Nothing to do with the NSA, and not a fable. His company's security sucked, they got hacked, the improved their security. That's TFA.

    Actually, it does derive directly from the NSA. Specifically, it comes from the NSA's research on Mandatory Access Control, which is the theory underlying all that discussion of "labels". MAC doesn't necessarily use encryption; in its original design it was intended that the operating system enforce the access controls, but it actually matches quite neatly with the capabilities of labels which correspond to private keys.

    So the fable (I agree that it's not a fable) is about using NSA-developed ideas to secure your data. All of the security technologies used in the story also had their roots in NSA work -- and in the past that meant that it was almost certainly good work, in fact among the best in the world. It's only recently that the NSA has apparently forgotten the part of their mission statement that involves keeping US security technologies strong.

  3. Disappearing data can't work on Five Alternatives To Snapchat · · Score: 3, Insightful

    The summary presents Silent Circle's subscription service as an alternative that accomplishes what Snapchat doesn't, but that's crap. Nearly all of the listed ways of preserving Snapchat messages will work with Silent Circle... and anything else that tries to do the same thing. Oh, I have no doubt that the Silent Circle app is a lot better at protecting your data in transit, and I'm sure it reduces message access to key access, so once you can verify that the keys are gone, the contents are effectively gone, but those keys are still vulnerable to all sorts of device hacks. They have to be.

    I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.

    This isn't to say that Snapchat's disappearing messages aren't good enough for many purposes, and that Silent Circle's implementation isn't adequate for even more (assuming the people you want to talk to also have it), but anyone who thinks that they can send digital photos of their genitals to their friends, confident that only the recipient will ever see them, is simply mistaken. And anyone who wants to use ephemeral messaging for any more important purpose is a fool.

  4. Re:Meh on Apple Denies Helping NSA Subvert iPhone · · Score: 1

    So, don't buy a phone online and have it shipped to you. Buy retail only.

    The opposite would probably be better. It would make more sense for the NSA to reroute shipments to retail stores, that way they can hack a whole bunch of phones at once.

  5. Meh on Apple Denies Helping NSA Subvert iPhone · · Score: 2, Insightful

    Per the video, the NSA iPhone compromise requires the NSA to obtain physical access to the device, and suggests they did this by rerouting shipping.

    To me, that says that what they've done is exploited holes in iOS -- of which there have been many, that's how jailbreaks are possible -- and used them to install their own spyware. There's not only no need for them to involve Apple to do such a thing, involving Apple would actually be a bad idea, because it increases the number of people who know about it and might leak it.

    I believe Apple had nothing to do with it. I believe the NSA has spyware for every version of iOS ever made, as well as Windows, OS X, Android, Linux (well fragmentation of the last two means there might be some versions which are safe -- but not the major ones), AIX, etc. If they don't, they're not doing their jobs. I don't think anyone should be the slightest bit surprised by any of this.

  6. Re:Org-Mode in Emacs on Ask Slashdot: Life Organization With Free Software? · · Score: 1

    +1 for org-mode. It's got a steep learning curve, but it's awesome.

  7. Re:Or, stay low tech ... on Ask Slashdot: Life Organization With Free Software? · · Score: 1

    Hell, I don't have to encrypt it at all. My handwriting is so bad that if the NSA could interpret it I'd gladly send them copies of everything in exchange for legible transcripts.

  8. Re:If you ever talk to someone wearing Google Glas on A Year With Google Glass · · Score: 1

    You're forgetting that /.'s audience has dwindled down to mostly just the paranoid libertardian techies.

    The "techies" part is debatable.

  9. Re:"Future is on its way"... Nope on A Year With Google Glass · · Score: 1

    You don't know for sure it's not recording you except the bright red LED that comes on when it's recording you, like on any camcorder made in the last 15 years.

    The current generation of Google Glass doesn't have "recording active" LED. The screen is on when recording, so there is some light, but it's not obvious whether it's from something being displayed or Glass recording.

    I suspect the commercial release of Glass will have a recording light.

  10. Re:(DRAMATIC SIGH) on The Hobbit and Game of Thrones Top Most Pirated Lists of 2013 · · Score: 2

    $2.99 to rent a film for 3 days is a fucking rip off?

    It's not so much that it's a ripoff, but that it deters rentals. It's just a stupid business practice.

    I often decide not to rent something when browsing because I'm not sure I have time to watch it before the rental period expires. I may or may not ever stumble across it again later when looking for something to watch. Give me multi-month access for $3, and I'll rent stuff on a whim. Make it viewable multiple times, and I'll rent even more, because I may rent stuff that I think I'm only marginally interested in but my family might want to see.

    On the other side, what's the potential loss? I've been renting movies in various formats for 30 years. I don't believe I have ever, in that entire time, rented a movie and then rented it again within a few months. If I have done it, it's definitely only been a very small number of times, a tiny, tiny fraction of the number of times I've rented. I don't think I'm unusual in this. So, shutting off access after a few days, or a single viewing, is not going to extract another rental fee from me.

    Back when I was renting physical media, there was a clear purpose for the short rental periods. They needed the tape or DVD back so they could rent it to someone else. With streaming media that issue is gone. The cost of streaming a movie to me is negligible, and there is no limit to the number of people they can rent to simultaneously. So if the content owner's goal is, as would seem logical, to extract the maximum possible amount of money from viewers, they should allow repeat viewings (which will hardly ever be used) and long rental periods -- not long enough that rental can be confused with purchase, but long enough that people don't have to think about whether they'll have time to watch it before the period expires.

  11. Re:Clearly losing money? on The Hobbit and Game of Thrones Top Most Pirated Lists of 2013 · · Score: 1

    You're still ignoring the fact that piracy motivates some purchases that would not otherwise have happened, either directly, where pirates decide a work is so awesome they want to buy it, or indirectly, via buzz created by pirates who don't buy themselves but whose word-of-mouth recommendations motivate other buyers. It also eliminates some purchases that otherwise would have happened.

    Whether or not piracy costs content owners depends on the ratio of those two things. What is that ratio? It's different across different types of works, and hard to pin down even in one specific case. The most careful studies done to date mostly conclude that piracy is neutral to beneficial for copyright owners, but there are still a lot of unknowns.

    In general, we can't really say whether piracy really costs or benefit content owners, or to what degree. The fact that they're still enormously successful, however, at least gives us reason to believe it's not a problem.

    (Note that I personally do not pirate, nor am I a content owner of any note other than small bits of open source software packages, so I have no stake in this.)

  12. I'd modify your list a little:

    If a company is not compelled by law to surrender information, they are forbidden to volunteer it.

    Instead, how about "Unless required by law not to disclose it, organizations are required to notify each person whose information they share. Said notification is required each time the information is shared, and must include the information shared, the party to whom it is disclosed, the purpose of disclosure, and the privacy commitments provided by the receiver, which must be at least as restrictive as those of the sharer. In the event of information shared in aggregated form, the notification must be delivered to a government agency whose responsibility it is to evaluate whether or not it may be possible to identify any individual included in the aggregate. If so, the organization that shared it is required to notify all identifiable individuals. Failure to notify results in steep and exponentially-increasing penalties."

    Obviously the goal here is to address information sharing between all sorts of organizations, governmental and commercial, including company-to-company, company-to-government, government-to-company and even government-to-government... including US government to foreign government. Note also that there's nothing in there about "first to share"... the notification requirements exist at every step. Because this would be a dramatic, and in many cases expensive, change in notification burden, it should be phased in over time, but it should ultimately apply to all personally-identifiable information, even information which is currently considered public. Oh, non-commercial sharing by private individuals should be exempted, and "non-commercial" should be defined pretty loosely... posting a friend's wedding announcement on your blog shouldn't be a crime, even if you happen to have some ads on it. There are undoubtedly other adjustments that need to be made to the concept, even though I've tried to be as thorough as I can.

    Your "forbidden to disclose" is pithier, but I'd like to leverage this to address commercial sharing as well, and I don't think flatly forbidding that is in society's best interest. I think instead making people aware of what is being done and allowing them to make decisions about who they interact with, based on different organizations' privacy policies (which should be legally binding... may need some language about that, too), allows the most flexibility for an information-driven society to evolve, but allows individuals to retain control.

    Further, I'd limit the "disclosure restricted by law" bit. Restrictions on disclosure should be temporary, and their duration should be specified in the initial (court-reviewed) document, with reasonable justification. When the time expires, it should be the responsibility of both the agency that requested the information and the organization that provided to provide full disclosure to the target, including supporting documentation explaining the rationale. If, as the expiration approaches, the agency has reason to extend it, it can go back to court and justify the extension. Oh, and "because this would be embarrassing" should be specifically excluded as justification for restricting disclosure.

  13. Re:"Just let them have this one" on Parents' Campaign Leads To Wi-Fi Ban In New Zealand School · · Score: 1

    As sympathetic as I am to these people, no parent should have to outlive their child..

    Where is that written. Not so long ago most families lost at least one child at young age. So its not even remotely historically accurate.

    And, historically, parents always felt that they should not have to outlive their children. The fact that it was common never made it anything less than heartbreaking.

  14. Re:"Just let them have this one" on Parents' Campaign Leads To Wi-Fi Ban In New Zealand School · · Score: 1

    The whole "give in just a little so we can all get along" mentality is part of what's wrong with just about EVERYTHING nowadays.

    It's also part of what's right with just about everything nowadays.

    Seriously, willingness to compromise your own wishes to accommodate others is the basis for human cooperation, which is the basis for not only not killing each other at an astounding rate (archaeological evidence suggests that pre-historical peoples had homicide rates about three orders of magnitude higher than is typical for first-world nations today), it's also the basis for all of the societal structures that enable commerce, technological progress and government, among many, many more.

    I agree with you that the number of ridiculous compromises has been rising in recent decades, but that's been accompanied by large reductions in all forms of violence, including both retail and wholesale murder as well as rape, bullying and domestic abuse, just to name a few. I don't think the two are unrelated; I think both are driven by an increased willingness to "give in just a little so we can all get along", due to increased levels of empathy, and eye-rollers like unnecessarily removing Wifi are probably an acceptable price, as long as it isn't too high. In this case they're replacing Wifi with wired Ethernet, so they'll get some significant reliability and bandwidth benefits out of the change as well... and eventually I'm sure they'll put the Wifi back.

  15. Re:That's impossible! on Hearing Shows How 'Military-Style' Raid On Calif. Power Station Spooks U.S. · · Score: 1

    California banned all those evil high powered rifles.

    Actually, California banned so-called "assault weapons", which are small-caliber, low to moderate-power rifles. Your granddad's deer rifle, on the other hand, is high-powered.

  16. Re: De- & Redamaged on Have a Privacy-Invasion Wishlist? Peruse NSA's Top Secret Catalog · · Score: 1

    Not a problem. GCHQ will be happy to take care of that for them.

  17. Re:Going to PMITA prison! on Convicted Spammer Jeffrey Kilbride Flees Prison · · Score: 1

    Cite?

  18. Re:Going to PMITA prison! on Convicted Spammer Jeffrey Kilbride Flees Prison · · Score: 2

    You should use gmail and lose the hate along with the spam you'll no longer see. You'll live longer.

  19. Re:You did make it up on Sherlock Holmes Finally In the Public Domain In the US · · Score: 2

    US law governs a copyright's enforceability in the US. How could it be any different?

    Because of international treaties; the Berne convention, among others.

    The Berne convention requires that signatories' copyright statutes meet some requirements for duration and scope of copyright, but it doesn't say that people in one country must apply the law from another country.

    US copyright laws apply in the US, regardless of whether the copyright owner is US-based. Same for other countries; they each get to apply their own laws.

  20. Re: on US Federal Judge Rules NSA Data Collection Legal · · Score: 1

    You're still missing the point. The overall system, comprising the automated learning model + human analysis, still has to achieve impossibly high levels of accuracy. Decomposing it into two stages doesn't change the problem.

  21. Re:Censorship by Another Name on Internet Commenting Growing Away From Anonymity · · Score: 0

    So, no evidence, just an assumption which you, at least, consider reasonable. That's not particularly convincing.

  22. Re: on US Federal Judge Rules NSA Data Collection Legal · · Score: 1

    And once you've got your 10,000 monthly candidates, then what?

    Then you have to use some kind of systematic process (whether automated, manual or some mixture) to narrow that list down to the 50 terrorists (less the ones that slipped through the first filter). Thus, you're back to the original problem.

  23. Re: on US Federal Judge Rules NSA Data Collection Legal · · Score: 1

    Note that you haven't actually changed the problem at all, just added humans to the system that needs to be better than 99.99998% accurate.

    Though you have accurately identified one of the major reasons why the human part of the human/machine system will never achieve that level of discrimination: ass-covering.

  24. Re:True Terrorism on US Federal Judge Rules NSA Data Collection Legal · · Score: 5, Insightful

    You should be even more outraged if you live outside USA. This is about if US citizens have any kind of right, but what is not even considered is that foreigners have human rights at all for them, outside borders is free hunting area.

    In fairness, inside the USA is fair hunting areas for foreign intelligence agencies.

    That fact highlights another issue, though, which is that even if all countries protect their own citizens from snooping by their own agencies (most don't, actually), this is easy for allied powers to work around through sharing agreements. "I'll spy on your people and you spy on mine, then we'll swap". We need to institute some protection against that as well.

  25. Re:Expected on US Federal Judge Rules NSA Data Collection Legal · · Score: 0

    sarcastic insinuations of sweeping corruption not backed by any evidence?

    Are you serious? How much evidence are you prepared to ignore?

    -jcr

    None.

    Do you have any? Note that I mean evidence, not supposition, not tenuous conclusions drawn from potential coincidences.