Technocrat never had had moderation or relationships and Bruce completely quit using Slashcode a long time ago... but I still think you comments are still pretty on target.
There is no such thing as trusted private encryption. Effective secure encryption is astoundingly complicated and you can not devise effective encryption in a vacuum. Lots of companies show us ineffective untrustworthy encryption which they develop in secret and which fail in short order... like CSS which is used on DVDs or the DRM in popular games and other digital media. Haven't you read folks on Slashdot mocking them for it?
So the best way is do everything out in the open and have people find the weakness in it before it goes into production. Because once it goes into production you don't need to be code breaker to enjoy the stunning stupidity of the fools that rely on private encryption... you only need to be able to find the app with google and download it.
Have a look at look at the ongoing contest for SHA-3. It's been reported here I think. Or you could the about how they came up with AES.
As a side note: Contests and prizes are remarkably effective method of spending the public's money for public good... as long as the results are open and patent free.
I had been reading Technocrat daily for I guess 9 or 10 years, I can't really comment on what facets of the community that Bruce objected to, so I will comment only on my observations.
The regular contributors of Technocrat were a pretty small group, so whenever one (or perhaps some) found themselves with a lot of spare time and an axe to grind they became the center of gravity of the site and swung the nature of the site to their particular interest, gripe, political view... or whatever. As contributors lost employment, ended relationships, faced large medical bills, and whatever other trials and tribulations people face they have a tendency to become vocal and extreme (while this is apparent to me in hindsight, as a daily observer, it can not possibly be apparent to casual readers).
The summary of the interests of the regular contributors includes disaster preparedness and self sufficiency... which occasionally crossed the line of rationality took on the appearance of armed lunatics holed up in their self constructed secret bunkers, prepared for a shooting war with both revenuers and the starving populous streaming out of the cities (and sometimes I suspected they expected zombies).
I know that a couple of the regulars have mental health issues and I suspect the number to be slightly higher than just 2. Not that I in anyway hold this against them... but I often wondered how our (very public) conversations must look to the outside world.
On several occasions, the world's circumstances focused most of the community on a single topic for comparatively long durations... and for some reason convinced the group that they were experts. The most recent of which is the global international econpocalypse, which convinced most of the group that they were expert economists, bankers, politicians, &tc. The result of this was long passionate diatribes of thinly veiled bigotries and prejudices of every possible flavor (which we all have)... Which naturally created flame wars increasing in extremist rhetoric. Combined with the interests I described above, the theme on Technocrat would take on this protracted dommerish theme... Perhaps we were never really able to overcome "John Gabriel's Greater Internet Fuckwad Theory".
Some of the most frequent Technocrat contributors habitually proselytized non-mainstream ideology which I personally found alarming and repugnant: Market Fundamentalist / Extremist Libertarianism, Nationalism & Jingoism, Christian Reconstructionism, Militancy, Fascism, Racism... it's a profoundly scary list.
Oh... and naturally we had trolls: two of them.
Now having said all of that... I feel like I should make a few disclaimers:
I was a contributor of technocrat. I also participated in these discussions and I also injected my own bigotries and prejudices into the conversation. Doubtless some christians and or capitalists were uncomfortable with or offended by some of my past comments. However I am not doing so in ostensibly in connection with my private business enterprise... this is a point lost on many of my fellow contributors at Technocrat, I think. And in this way I feel that we treated Bruce unfairly. Bruce is an important member of the Open Source community and it was very gracious of him to provide a sand box (or perhaps soap box) for us to play in. However I don't think we sufficiently recognized how the resultant community reflected on him.
If you look here on Slashdot you will find all of this, and more, in a single day... but generally it is overwhelmed by the volume of normal and reasonable comments... and the moderation system. such that it is.
You may get the impression that I intensely dislike many of the regulars at Technocrat. For the most part this is not the case, nearly all of them are good people, I would gladly have a number of them over to dinner and introduce to my "in real life" family. (excepting the trolls of course).
I have to say, I am profoundly disappointed in Bruce's decision. BUT, I completely understand and agree with it. I think Bruce is a really great guy... and I'd much rather see that he have more of an impact in our community than just running Technocrat
Re:Hey, remember when Ender's Game was good?
on
Ender in Exile
·
· Score: 1
I really don't disagree with your assessment of Card, I read Ender's Game some time ago and now I share much the same sentiments.
I hadn't noticed the UID thing... so they are so high now...interesting. I picked my nick a while ago, so I get where you've coming from.
Re:Hey, remember when Ender's Game was good?
on
Ender in Exile
·
· Score: 5, Funny
So... I have to ask. Did you come to that conclusion before or after you selected your nick?
I have come to the conclusion that it must be impossible to engage in any criminal activity which does not somehow involve child porn, as it seems to me that all stories of illicit behavior include accusations of trafficking in child porn.
Ed Felten called HDCP "A hook onto which to hang lawsuits" when if first came out.
I haven't heard much on BluRay Super Duper Double Plus Awesome DRM... but I've been ignoring it. I figure the whole HD-TV market is based on deception. I don't have the patience or tolerance to unravel all of it in order to make an informed purchase.
Hopefully HD-DVD, BluRay, HD-TV will all completely fail and something else a lot more open will take its place.
I am not sure I would depend on this case too much. As I understood it the state was not required to pursue to the key to secure a conviction but rather the guy was convicted based on the testimony of the customs guards. I would expect that unless absolutely required you would not see a full court press from the state, as they would be keen to keep their capabilities (technical, legal, or otherwise) unknown. I would also point you to the criminal who used the (Seagate?) hard drive encryption and got convicted anyway (mostly of being an ass I think)
I used the "'T'-word" because I assumed it would be under this guise some TLA would driving around snooping in this way. And the ease people get labeled as domestic terrorist these days. However, it just as easily be drug enforcement.
As far as I can tell the main tactic has been avoiding direct attacks on encryption. Given the resources of a TLA, I'd assume that there are number of methods to determine if a computer, particularly one attached to the internet, in use. From there they simply keep it alive.
I don't think the cold boot attack is likely to be used by domestic TLAs or local enforcement but I would not rely on such assumptions.
I'd read a lot of arguments and schemes along these lines. In honesty I have no idea if AC line frequency is a good metric to decide if the device is still at home or not. However I don't think that that is downfall with the idea (I do like it though, it's clever). Rather, it has the fault all such automated schemes: variation of AC line frequency is not a positive indicator that some TLA has broken into your home and is confiscating the device (either without your knowledge or holding you in severe duress). You neighbor's son (or you) could be plugging in their shiny new 1.21 gigawatt guitar amp... or some other 0.01% likely event. And then you come home to more or less a complete catastrophe.
More importantly it is my assertion that by devising such strategies you will convince the goons at the DHS, of whatever TLA proxy, that you are not hiding evidence of misdemeanor criminality or failings of predominant morality which for now are entirely legal. But, more alarmingly, that you are engaged in activities which currently negate the constitution, the bill of rights, various international treaties, and hundreds of years of precedent in criminal law: Sexual deviancy involving a minor, however distantly; Plans or desire to commit an act, which by thin and bizarre legal convolutions can be construed as terrorism; A peaceful and conscientious objection to the current administration's prosecution of various occupations of dubious legality and or their treatment of people who they detained.
I'd say the existence of encryption is ample evidence to convince a judge to compel you to reveal your key. I'd also say that most enforcement agencies, which are going to participating in such a no-knock raid on a domestic terrorist, have some pretty damn interesting forensic tools designed to circumvent encryption (Preventing the computer from ever going to sleep is one common tactic employed).
So if you are going to bother encrypting you had better brush up on forensics tools and prepared to go jail for not reveling your key (on top of whatever else they charge you with).
What do you mean by "not serious"? Do you mean have I removed the Faraday cage that used to surround the inside of my home in fear that the Department of Homeland Security would send in great numbers of heavily armed men into my home? Or do you mean "not serious" in that I would have never put up a Faraday cage in first place? Or "Not Serious" in that I would be surprised if this reported in the news? Or "Not Serious" in that the DHS would not decide a US citizen did not fit a certain profile and then proceed to detain them in spectacular fashion? Or "Not Serious" in that simply not radiating is not a good enough reason for a judge to issue a no-knock warrant over the phone, in the middle of the night?
In answer to those questions: I have not installed a Faraday cage which completely encompasses my home, nor removed one. However, I do try to keep pretty tight computer security. I would be completely *unsurprised* if tomorrow's news carried an item describing in vague detail how the DHS, or proxy, pumped a few dozen rounds in a retiree when they broke down her door in a no-knock raid. I would be absolutely astounded if the DHS had not long since singled out great numbers of residences of US citizens for extra investigation based on an incorrect "profile" of remotely measured Emissions or Emanations. I also would be pretty damned surprised if they actually caught a terrorist using these methods. I think it is far more likely that they are instead detecting a lot of common criminality with their wholesale surveillance. Which they simply alert local police of, probably by way of FBI liaison, which are then pursued with more legal law enforcement methods. I also would be completely unsurprised if judges do not already routinely issue such warrants as they do so on far less evidence already.
And to answer your last question: They know by going into your home and looking.
Being the only house on your block not radiating all sorts of data sounds like an excellent reason for the DHS to perform a no-knock raid with a legions of SWAT teams and an armored troop carrier or two.
They've been up on a variety of torrent sites for a while and you can get them from the OpenBSD website. I've been using it off and on for years and I think it's worth ponying up for the install disks. I keep coming back so I guess they're doing something right.
They also have a rather small CD image you could download and then do the rest of the install via FTP.
I am trying think of a time I needed a compiler on a box I was using a rescue CD on and I'm pretty sure I've forced the experience from my memory. I have a pretty low tolerance for that sort of thing anyway. So usually I just go in grab the data and config files, then reinstall current. But I haven't done that recently either. Knock on wood...
Also I am not sure of the utility of having an "unrepresentative collection of software" on a rescue CD. I guess this must be significant to someone...
Why is this still a question? Surely there is some law or legal decision which clearly states under which conditions an ISP would enjoy common carrier protection and which it wouldn't.
"Here" where? In the US? I had no idea they did that. I've been in court a few times and never saw anything like that, even though I thought it was needed.
As it happens I *am* about to go the US. And I am taking an encrypted USB memory stick and my iPod and this whole thing has me fairly nervous. The best thinks I have going for me is that I am a US citizen, and I can speak passable English. So I hope they (the TSA in Atlanta) will continue their previous habits of being bigoted and spending more of their time on suspicious looking people (whatever in the hell that means). The last time I went there they were generally being assholes to everyone around me, and they pretty much ignored me... maybe it was my Atlanta Braves T-Shirt.
Slashdot Mirror
Technocrat never had had moderation or relationships and Bruce completely quit using Slashcode a long time ago... but I still think you comments are still pretty on target.
There is no such thing as trusted private encryption. Effective secure encryption is astoundingly complicated and you can not devise effective encryption in a vacuum. Lots of companies show us ineffective untrustworthy encryption which they develop in secret and which fail in short order... like CSS which is used on DVDs or the DRM in popular games and other digital media. Haven't you read folks on Slashdot mocking them for it?
So the best way is do everything out in the open and have people find the weakness in it before it goes into production. Because once it goes into production you don't need to be code breaker to enjoy the stunning stupidity of the fools that rely on private encryption... you only need to be able to find the app with google and download it.
Have a look at look at the ongoing contest for SHA-3. It's been reported here I think. Or you could the about how they came up with AES.
Here's the zoo: http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo
As a side note: Contests and prizes are remarkably effective method of spending the public's money for public good... as long as the results are open and patent free.
I had been reading Technocrat daily for I guess 9 or 10 years, I can't really comment on what facets of the community that Bruce objected to, so I will comment only on my observations.
The regular contributors of Technocrat were a pretty small group, so whenever one (or perhaps some) found themselves with a lot of spare time and an axe to grind they became the center of gravity of the site and swung the nature of the site to their particular interest, gripe, political view... or whatever. As contributors lost employment, ended relationships, faced large medical bills, and whatever other trials and tribulations people face they have a tendency to become vocal and extreme (while this is apparent to me in hindsight, as a daily observer, it can not possibly be apparent to casual readers).
The summary of the interests of the regular contributors includes disaster preparedness and self sufficiency... which occasionally crossed the line of rationality took on the appearance of armed lunatics holed up in their self constructed secret bunkers, prepared for a shooting war with both revenuers and the starving populous streaming out of the cities (and sometimes I suspected they expected zombies).
I know that a couple of the regulars have mental health issues and I suspect the number to be slightly higher than just 2. Not that I in anyway hold this against them... but I often wondered how our (very public) conversations must look to the outside world.
On several occasions, the world's circumstances focused most of the community on a single topic for comparatively long durations... and for some reason convinced the group that they were experts. The most recent of which is the global international econpocalypse, which convinced most of the group that they were expert economists, bankers, politicians, &tc. The result of this was long passionate diatribes of thinly veiled bigotries and prejudices of every possible flavor (which we all have)... Which naturally created flame wars increasing in extremist rhetoric. Combined with the interests I described above, the theme on Technocrat would take on this protracted dommerish theme... Perhaps we were never really able to overcome "John Gabriel's Greater Internet Fuckwad Theory".
Some of the most frequent Technocrat contributors habitually proselytized non-mainstream ideology which I personally found alarming and repugnant: Market Fundamentalist / Extremist Libertarianism, Nationalism & Jingoism, Christian Reconstructionism, Militancy, Fascism, Racism ... it's a profoundly scary list.
Oh... and naturally we had trolls: two of them.
Now having said all of that... I feel like I should make a few disclaimers:
I was a contributor of technocrat. I also participated in these discussions and I also injected my own bigotries and prejudices into the conversation. Doubtless some christians and or capitalists were uncomfortable with or offended by some of my past comments. However I am not doing so in ostensibly in connection with my private business enterprise... this is a point lost on many of my fellow contributors at Technocrat, I think. And in this way I feel that we treated Bruce unfairly. Bruce is an important member of the Open Source community and it was very gracious of him to provide a sand box (or perhaps soap box) for us to play in. However I don't think we sufficiently recognized how the resultant community reflected on him.
If you look here on Slashdot you will find all of this, and more, in a single day... but generally it is overwhelmed by the volume of normal and reasonable comments... and the moderation system. such that it is.
You may get the impression that I intensely dislike many of the regulars at Technocrat. For the most part this is not the case, nearly all of them are good people, I would gladly have a number of them over to dinner and introduce to my "in real life" family. (excepting the trolls of course).
I have to say, I am profoundly disappointed in Bruce's decision. BUT, I completely understand and agree with it. I think Bruce is a really great guy... and I'd much rather see that he have more of an impact in our community than just running Technocrat
I really don't disagree with your assessment of Card, I read Ender's Game some time ago and now I share much the same sentiments.
I hadn't noticed the UID thing... so they are so high now...interesting. I picked my nick a while ago, so I get where you've coming from.
So... I have to ask. Did you come to that conclusion before or after you selected your nick?
I have come to the conclusion that it must be impossible to engage in any criminal activity which does not somehow involve child porn, as it seems to me that all stories of illicit behavior include accusations of trafficking in child porn.
Ed Felten called HDCP "A hook onto which to hang lawsuits" when if first came out.
I haven't heard much on BluRay Super Duper Double Plus Awesome DRM... but I've been ignoring it. I figure the whole HD-TV market is based on deception. I don't have the patience or tolerance to unravel all of it in order to make an informed purchase.
Hopefully HD-DVD, BluRay, HD-TV will all completely fail and something else a lot more open will take its place.
The FBI has already demonstated that it is extremely easy to bypass the security on those drives. I would not use them.
I am not sure I would depend on this case too much. As I understood it the state was not required to pursue to the key to secure a conviction but rather the guy was convicted based on the testimony of the customs guards. I would expect that unless absolutely required you would not see a full court press from the state, as they would be keen to keep their capabilities (technical, legal, or otherwise) unknown. I would also point you to the criminal who used the (Seagate?) hard drive encryption and got convicted anyway (mostly of being an ass I think)
I used the "'T'-word" because I assumed it would be under this guise some TLA would driving around snooping in this way. And the ease people get labeled as domestic terrorist these days. However, it just as easily be drug enforcement.
As far as I can tell the main tactic has been avoiding direct attacks on encryption. Given the resources of a TLA, I'd assume that there are number of methods to determine if a computer, particularly one attached to the internet, in use. From there they simply keep it alive.
I don't think the cold boot attack is likely to be used by domestic TLAs or local enforcement but I would not rely on such assumptions.
I know you two are probably joking... but chaff should not be considered effective
In all seriousness I would urge everyone to avoid engaging in criminal activities. You can get on just as well, if not better without them.
However, The ideas of computer security are still really interesting!
I'd read a lot of arguments and schemes along these lines. In honesty I have no idea if AC line frequency is a good metric to decide if the device is still at home or not. However I don't think that that is downfall with the idea (I do like it though, it's clever). Rather, it has the fault all such automated schemes: variation of AC line frequency is not a positive indicator that some TLA has broken into your home and is confiscating the device (either without your knowledge or holding you in severe duress). You neighbor's son (or you) could be plugging in their shiny new 1.21 gigawatt guitar amp... or some other 0.01% likely event. And then you come home to more or less a complete catastrophe.
More importantly it is my assertion that by devising such strategies you will convince the goons at the DHS, of whatever TLA proxy, that you are not hiding evidence of misdemeanor criminality or failings of predominant morality which for now are entirely legal. But, more alarmingly, that you are engaged in activities which currently negate the constitution, the bill of rights, various international treaties, and hundreds of years of precedent in criminal law: Sexual deviancy involving a minor, however distantly; Plans or desire to commit an act, which by thin and bizarre legal convolutions can be construed as terrorism; A peaceful and conscientious objection to the current administration's prosecution of various occupations of dubious legality and or their treatment of people who they detained.
I say we nuke them from orbit. It's the only way to be sure.
I'd say the existence of encryption is ample evidence to convince a judge to compel you to reveal your key.
I'd also say that most enforcement agencies, which are going to participating in such a no-knock raid on a domestic terrorist, have some pretty damn interesting forensic tools designed to circumvent encryption (Preventing the computer from ever going to sleep is one common tactic employed).
So if you are going to bother encrypting you had better brush up on forensics tools and prepared to go jail for not reveling your key (on top of whatever else they charge you with).
What do you mean by "not serious"? Do you mean have I removed the Faraday cage that used to surround the inside of my home in fear that the Department of Homeland Security would send in great numbers of heavily armed men into my home? Or do you mean "not serious" in that I would have never put up a Faraday cage in first place? Or "Not Serious" in that I would be surprised if this reported in the news? Or "Not Serious" in that the DHS would not decide a US citizen did not fit a certain profile and then proceed to detain them in spectacular fashion? Or "Not Serious" in that simply not radiating is not a good enough reason for a judge to issue a no-knock warrant over the phone, in the middle of the night?
In answer to those questions: I have not installed a Faraday cage which completely encompasses my home, nor removed one. However, I do try to keep pretty tight computer security. I would be completely *unsurprised* if tomorrow's news carried an item describing in vague detail how the DHS, or proxy, pumped a few dozen rounds in a retiree when they broke down her door in a no-knock raid. I would be absolutely astounded if the DHS had not long since singled out great numbers of residences of US citizens for extra investigation based on an incorrect "profile" of remotely measured Emissions or Emanations. I also would be pretty damned surprised if they actually caught a terrorist using these methods. I think it is far more likely that they are instead detecting a lot of common criminality with their wholesale surveillance. Which they simply alert local police of, probably by way of FBI liaison, which are then pursued with more legal law enforcement methods. I also would be completely unsurprised if judges do not already routinely issue such warrants as they do so on far less evidence already.
And to answer your last question: They know by going into your home and looking.
Being the only house on your block not radiating all sorts of data sounds like an excellent reason for the DHS to perform a no-knock raid with a legions of SWAT teams and an armored troop carrier or two.
They've been up on a variety of torrent sites for a while and you can get them from the OpenBSD website. I've been using it off and on for years and I think it's worth ponying up for the install disks. I keep coming back so I guess they're doing something right.
They also have a rather small CD image you could download and then do the rest of the install via FTP.
It's just a rescue CD anyway...
I am trying think of a time I needed a compiler on a box I was using a rescue CD on and I'm pretty sure I've forced the experience from my memory. I have a pretty low tolerance for that sort of thing anyway. So usually I just go in grab the data and config files, then reinstall current. But I haven't done that recently either. Knock on wood...
Also I am not sure of the utility of having an "unrepresentative collection of software" on a rescue CD. I guess this must be significant to someone...
Why is this still a question? Surely there is some law or legal decision which clearly states under which conditions an ISP would enjoy common carrier protection and which it wouldn't.
I think the term is ex-CIA *Asset*... or at least that is what they say in all the spy novels.
So if no one is bothering to report it, who are these news sites that you are linking to?
other people who have already been married
Apple has never actually used the TPM and it is not even on the newer boards.
"Here" where? In the US? I had no idea they did that. I've been in court a few times and never saw anything like that, even though I thought it was needed.
As it happens I *am* about to go the US. And I am taking an encrypted USB memory stick and my iPod and this whole thing has me fairly nervous. The best thinks I have going for me is that I am a US citizen, and I can speak passable English. So I hope they (the TSA in Atlanta) will continue their previous habits of being bigoted and spending more of their time on suspicious looking people (whatever in the hell that means). The last time I went there they were generally being assholes to everyone around me, and they pretty much ignored me... maybe it was my Atlanta Braves T-Shirt.