So, the guy didn't learn from the Industrial Revolution (and revolutions since) that all the fear of 'no more jobs for anyone' ended up being unfounded?
This happens every time something new comes in. Yes: it does cause some people to lose their jobs as what they do can be done more cheaply by new tech, but it creates more jobs elsewhere. Remember the Luddites who went around smashing up the new mill machine. They wore clogs as shoes and stuffed them into the machines (which is why we say things are 'clogged up') and gave rise to the word 'sabotage' ('sabot' is the French word for 'clog').
I would certainly hope, as several of you writing above have said, that they have to continue work but will be paid retroactively. It really would be taking the piss if they insist that others work unpaid but they continue to take an income when they are the ones who are causing the rest of you pain.
Myself: I am a Brit, so I just look across the pond and shake my head in puzzlement.
See many a SciFi novel.
I am not saying that it is what happened this time, but we have to expect that the various governments that are tooling up for "cyber warfare" are going to want to try out their toys. A DOS is one of the "cyber weapons" that they will use, in addition to cracking web sites, virus infection, ... For a government 100 Gbps is not going to be expensive.
I wonder how far they have progressed on cyber alliances, so, perhaps, 10 NATO countries could each contribute their 10 Gbps DOS asset to create a 100 Gbps DDOS capability.
The Sakharov prize is awarded (as far as I can see) by the European Parliament, a body that, in the UK at least, is seen as far away and irrelevant -- where it does decide things its decisions are seen as barmy. It seems to not have been doing much in standing up to the USA to protect European rights. The members of the parliament might see this as a chance to be seen to be an effective and robust body; but I suspect that they will be supine as usual.
I expect that the USA is using whatever influence it has with MEPs to prevent what would be an enormous embarrassment.
Now all that I need to do is to get my home made EMP device small enough to carry on ....
I had not heard about this new style sheet standard. Do I need to start to use it on my web sites ? Does it protect my sensitive information from the commies/taliban/mafia/... ? Which browsers support it ?
They probably exploited that many of their customers used the same password for their site and the email account.
Which makes the LinkedIn customers idiots. However: if this is what LinkedIn have done then they should be prosecuted to the fullest extent of the law; in the UK that would be under the Computer Misuse Act, and those responsible should be extradited from the USA if necessary. I am not talking about some minion in a technical department but the director who was responsible.
SELinux is the least of our worries. It's not impossible to hide backdoors or vulnerabilities in an open-source product, but it is pretty difficult.
Most people look in the kernel; however a large part of SELinux is the rule base that it uses. This is poorly documented, very complex, written by each distribution that uses SELinux (i.e. multiple, unchecked implementations) and potentially modified with every RPM that you install on your system.
What would you do if you were a Chinese or Russian spook and discovered an NSA backdoor in Linux ? You could cry foul! to Linus and get it fixed. However: a much more profitable action would be to silently fix it in your own security critical machines and then exploit it as much as possible on your targets in the West.
You can trust code you yourself write to not be concealing deliberately malicious intent.
Just remember that you typically only write a small amount of the code that ends up in your program. Do you use printf() and other library functions, or do you write the code to do system calls yourself ?
The problem is, that openVPN is also backdoored.
Please supply us with some evidence or a link to something to support your assertion.
The first thing that we need is a good audit of programs, protocols, algorithms. That won't be easy. Open Source stuff has a head start, but someone needs to read it all. We knew that Skype was broken, but what else: SSL ?
As for encryption algorithms, there are only a handful of people in the world who are really qualified to check them; what if their opinions can be bought/blackmailed ... ?
This will take a lot of effort, but what good is GPG if the encryption algorithms that it uses have been weakened ?
You might try overwriting the data, but that makes the assumption that a write is to the same place as the data was a second ago. Ext3 does not guarantee that and SD cards avoid it to ensure wear levelling. It is harder than you think.
Perhaps largely populated by First Posters ?
If he wins his case will the individuals at the Consumer Product Safety Commission be personally liable to pay his costs & the Commission's legal bill ? After all: they were the ones who made the decision to engage in reckless litigation!
No: I thought not.
I am not saying that this would not have happened without his revelations, but I suspect that the feelings of antipathy that he has helped to stir up about the NSA & government spying have given companies more courage in pushing harder to challenge these things. Maybe for fear of losing users if they are seen to cave in too easily, maybe because they really do want to do the right thing and feel that the tide might turn and make the effort worthwhile.
Inside the NSA is probably an amusing place to be a fly on the wall at the moment. All sorts of new procedures to try to stop someone else doing the same thing. However: it won't work, any defences that a man can put in place can be circumvented by another man, especially one working on the inside. They can make it hard, but not impossible - at least if they want their systems to remain useful. They have, at some level, to trust people to be able to operate.
The only way that the NSA can stop future embarrassing revelations is for it to behave in a reasonable and moral way. That means a complete change of culture.
I did not say "behave in a legal way" since corrupt laws can easily be written.
Send it to all NSA operatives; will give them an electric shock when they look at someone's Internet data for whom they do not have a relevant court order.
get rid of them.
What for ? Most democracies seem to be 2 party states and "the other lot" are usually just as bad.
It is one that governments are trying to spread in their populations so that they/we become unaware of how they spy on us.
But why do they need an awful soundtrack ? What is wrong with silence ?
I am not surprised, they have blown their budget spying on everyone; so they don't have any funds left to tell us what they have been up to. How convenient!
If the pictures are deleted as soon as a citation is issued, there is no evidence to support or assist in refuting the citation. Or would you like to live in a world where the Police can say "the photographic evidence existed to charge this person with murder, treason, speeding, bestiality and voting Democrat, but he posted as a dipshit AC on /. insisting on the pictures being deleted after 3 minutes, so we deleted them and now it is up to him to provide evidence to prove his innocence".
It should be mandatory that if a citation were issued that the evidence were kept and made available to the defence. Keeping this 0.001% of the pictures until the court process is complete is very different from keeping 100% of the pictures for 10 years.
But you still repeat the euphemism confiscate, that should be stolen.