Slashdot Mirror


User: Rich0

Rich0's activity in the archive.

Stories: 0
Comments: 11,574

Comments · 11,574

  1. Re:Money for his defense on DOJ Hasn't Actually Found Silk Road Founder's Bitcoin Yet · · Score: 1

    It's possible the money could be used to buy goods and services denominated in BTC.

    Sure, but then the government will know who you bought those services from (unless they also are taking steps to conceal their identity - something they have no incentive to do), and then agents will just ask them for information about you. Most meaningful services require the person providing the service to know something about the person they're providing the service to.

    It's also possible that the $600m wallet could be separated from cash-out by numerous layers of "synthetic transactions"

    Not sure I buy that.

    Since a new Bitcoin ID is generated for each transaction; if the merchant does $600 million in business, the merchant will not necessarily have a "single bitcoin ID" that can be traced to them --- they may have 60000000 bitcoin IDs, each containing a receive transaction of approximately $10.

    Completely plausible. Usually a new account is created for any transaction anyway, so that you know that payment was made for that specific transaction. It would be typical to move that money into a more centralized account, but that does not need to happen.

    Then later, when the merchant wants to buy $1000 in resources to continue selling some things; they might create a new "Spend wallet" in that amount, through 3 layers of $10 synthetic transactions from their $10 bitcoin IDs.

    The extra layers do nothing to help. If the government is watching a particular account, then they'll spot the first transfer, and then they'll monitor that account and spot the second transfer, and so on. The ENTIRE history of every account and their transactions is published, permanently. Moving the shells around doesn't really do much in the age of computers, especially when every movement is logged in a database.

    Once the number of synthetic transactions is large enough.... there becomes a question; Can anyone successfully reverse the history, and separate which transactions were synthetic from which transactions were real?

    You don't care which ones are real - you just care about every account that the money touched. You then monitor them all until you link one to an account you know the owner of, and then you can start tracing backwards in the real world.

    Assuming (1) Merchants do not keep any record matching their past Bitcoin ID to a transaction --- as soon as the merchant spends all the money received at any bitcoin ID, they destroy all record of the ID and the keys.

    Merchants interested in hiding their activities might do this. However, legitimate businesses probably would not. If you are a bank and the FBI shows up at your door, you could offer them a copious supply of logs, or you could tell them that you do not keep records. The first makes them happy, and the second does not. If you don't keep logs, the main decision you leave the investigative team is whether they want to merely shut your operation down, or if they think you're actually involved in which case they should also prosecute. Neither is appealing to a legitimate business out to make money. As a result, businesses tend to keep plenty of records.

    (2) Normal bitcoin clients get altered to do the same ---- whenever you receive money you intend to eventually spend, your bitcoin client generates new unique IDs for you, and a pool of synthetic transactions perturbed by an entropy pool, to be staged over some period of time. By the time the transaction completes; it will not be obvious which of those receiving IDs were yours, and which ones were the merchants' --- it will not be clear if your spend to the merchant was just the next layer of synthetic transactions, or a real transaction.

    The FBI doesn't need to trace every account to an owner. T

  2. Re:Money for his defense on DOJ Hasn't Actually Found Silk Road Founder's Bitcoin Yet · · Score: 1

    I believe you lack adequate information on how Bitcoin works. If he or someone he trusts and gave instructions to beforehand has access to another copy of the wallet, it's just as good as the original...

    Correct - copying, storage, and movement of bitcoins (without transferring ownership) is easy to do in a covert manner.

    and the coins may be transferred elsewhere and converted to other currencies, etc via the normal exchanges. I'll be surprised if the prosecuting authorities manage to figure out how to track that; they certainly won't be able to stop it.

    Every transfer of ownership (ie movement from one account/wallet to another) is publicly disclosed and completely traceable. In fact, the transfer of ownership isn't really certain until it is published by a miner. Who (in terms of account numbers) owns which bitcoins is a matter of consensus, which means that everybody basically has to know everything.

    Now, what human being has access to what account numbers isn't public knowledge. However, there is a good chance that the FBI knows what account numbers Ulbricht was using. Every one of his customers basically had to transfer their money into them in order for him to make money (I don't know the details of how this was accomplished as I'm not familiar with the actual workings of the Silk Road). So, even if they don't have access to the bitcoins they probably do know what account they're in. If anybody moves them to another account then they'll know about it, and if somebody transfers the money to an exchange they'll know about that as well. Then they just call up the exchange and ask who got the money transferred to that account and they'll have banking info.

    It would be very hard to actually spend bitcoin earned from a publicly-disclosed criminal enterprise. I think Ulbricht only lasted this long because he was basically hoarding the money - if it never leaves your wallet then it is hard to figure out who has it. But then, what's the whole point if you can't actually use the money you obtain for actual goods and services?

  3. Re:Power of attorney transfer them from his wallet on DOJ Hasn't Actually Found Silk Road Founder's Bitcoin Yet · · Score: 1

    If they could break it, we wouldn't have this story. Just the normal conspiracy types saying they can, and no denials.

    If the NSA could break RSA, I doubt they'd tell the FBI about it, and I doubt that they'd use it to decrypt a trove of bitcoins. Maybe they might look at some encrypted traffic and figure out where to look, then look there and "happen to spot" some other clue that they could have plausibly stumbled upon, and then provide that clue to the FBI.

    That was the sort of thing done in WWII all the time. When sources like Ultra/Magic were used some kind of cover would be created to get the essential data to the people who needed it, as if it had come from someplace else. Protecting the source is more important than taking advantage of the intel.

    I have no idea whether the NSA can crack RSA/etc. Certainly no mathematical proof exists that they couldn't, and in fact RSA in particular is known to be vulnerable to factoring via quantum computers - a technology that is entirely theoretically possible.

    However, I don't think you can infer anything about the NSA's capabilities from a case like this.

  4. Re:Most offices have normal plate-glass windows, t on Former NSA Honcho Calls Corporate IT Security "Appalling" · · Score: 1

    It's not clear to me that you aren't a retarded troll, but a lot of companies write some of their own software. Why do you have trouble thinking of these kinds of things?

    Obviously when companies write their own software they can sanitize their inputs.

    Well, if they can be bothered to hire competent developers. Since the incompetent ones cost a lot less...

  5. Re:TAILS on How The NSA Targets Tor · · Score: 1

    If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.

    Only if the device that was rooted contains or has access to identifying information. If the device you're browsing on is itself isolated from the rest of the network/etc that is not a sure thing. Granted, they could access unencrypted content/etc, so if you're sending private mail over tor they're going to be reading it. However, if you still avoid any mention of who you are and the device is isolated, then at best they're going to get a MAC address that belongs to VMWare, and an RFC 1918 IP. That won't get them much.

  6. Re:Defense on Lockheed To Furlough 3,000 On Monday, Layoffs Also Kicking In · · Score: 2

    It is not the constitution that is stupid it is the 2 party system that we evolved into.

    The constitution devolved into two-party systems almost immediately after it was enacted. I think the problem is systemic. A proportional system of democracy would probably be more effective at getting more voices into the government, and a unicameral parliamentary system would also eliminate all the gridlock when voters vote opposing parties into different branches of office.

    The bicameral legislature made more sense when states actually appointed senators. Then the two houses actually served different purposes. Today they're basically just redundant, but often in conflict.

    However, none of those reforms are going to change the fact that most voters are idiots. I don't have a solution for that one.

  7. Re:Defense on Lockheed To Furlough 3,000 On Monday, Layoffs Also Kicking In · · Score: 1

    NO but if congress passes a law forcing Washington to keep and maintain a budget it will help in future years.

    Not sure how that would help.

    #1 they already keep a budget. It just isn't a balanced budget.
    #2 if they wanted a balanced budget they could just do it.
    #3 if they passed a law saying the budgets needed to be balanced they could just include a statement in every subsequent budget that this budget is an exception to the law. The budget has the force of law and can override any other law (since it is passed by the legislature).

    The problem of government budgets is one of will, not one of law. Nobody ever got re-elected for balancing the budget.

  8. Re:Most offices have normal plate-glass windows, t on Former NSA Honcho Calls Corporate IT Security "Appalling" · · Score: 1

    I actually propose you learn how to read and think better. Do it.

    Have anything constructive to contribute?

    Most of the security flaws are in internally-facing applications. How do you propose sanitizing input on those, considering most are not open-source? Selecting vendors for security means not selecting them for other attributes, like business value.

    This is a bigger problem than "just taking security seriously" which is why it is such a big problem.

  9. Re:most people don't want to bother on Security After the Death of Trust · · Score: 1

    WTF? So, was I dreaming when I set up Zimbra Open Source Edition and used the email client of choice (except for the shitty Gmail app) on any platform of choice? I don't remember an X11 console or clunky email clients anywhere in that dream.

    I've tried Zimbra Open Source Edition. It lacks any kind of Android client (you did say OPEN SOURCE edition, right?). It also lacks keyboard shortcuts for deleting and archiving mail, as far as I'm aware. I'm not certain, but I don't recall that it supported tag-based email sorting either.

  10. Re:Cool on FDA Approves Wearable "Artificial Pancreas" · · Score: 1

    Taxation has proved in the past to be a very effective and safe behavior modifier.

    So is torture. What's your point?

  11. Re:at the mercy of the owners on RMS On Why Free Software Is More Important Now Than Ever Before · · Score: 1

    good luck with the "web-based application that was just as capable", there are many webapps that are adequate, but a good web app doesn't even come close to a good clientside app

    Just as capable as Gmail would be good enough for me. It is more effective than Outlook, though I'm sure I could do better with Kmail (or maybe even Thunderbird).

  12. Re:Most offices have normal plate-glass windows, t on Former NSA Honcho Calls Corporate IT Security "Appalling" · · Score: 1

    That's a self perpetuating problem... So long as buyers don't reject such software, developers will continue to produce it.

    IT Security has almost no impact on purchasing decisions. Most businesses aren't going to say, "well, looks like the vendor who makes this great piece of measuring equipment writes software that is easy to use, effective, and insecure - so we'll just decide not to buy it and let our competitors make the breakthroughs in that domain." Likewise when they spend $400k on the piece of equipment and IT comes along in 3 years to tell them they need to throw it away because the OS is no longer supported and the vendor has no upgrade available without buying a new instrument, guess what they'll say?

  13. Re:Most offices have normal plate-glass windows, t on Former NSA Honcho Calls Corporate IT Security "Appalling" · · Score: 1

    Ensuring that input is properly sanitized is one that comes to mind, because I've seen problems with it by people who should have known better.

    Uh, how exactly do you propose doing that on every internal application used by the company - 99% of which have no source available? Do you think that the software that runs the robots on your manufacturing line properly sanitizes input?

    All a hacker needs to do is break into some server running insecure "enterprise" software and then log all the passwords entered on it.

  14. Re:No Shit, Sherlock on Former NSA Honcho Calls Corporate IT Security "Appalling" · · Score: 1

    Solution? Just use your own equipment with either built in 3/4G connections, or just tether across your personal phone.

    Caesar and Rome ...

    I think that is the problem with all this perimeter security. It all sounded nice back in the 90s. Today people can just carry data in/out on flash drives, or send it over 4G.

    Oh, and the most valuable data is probably most vulnerable to people who have access to it already. That nice big corporate database probably has nothing in it to prevent a user from exporting the whole DB and walking out with it.

  15. Re:No Shit, Sherlock on Former NSA Honcho Calls Corporate IT Security "Appalling" · · Score: 1

    Yup - theater is the key.

    Password expiration is great theater - it is intrusive and intuitive, even though it is useless 99% of the time. You're a hacker, and you try to log in using the password "robbie7" and the password that has worked great for you for a month suddenly no longer works. Anybody want to guess what the new password is?

    Complex passwords are also great theater - very intrusive, but again useless 99% of the time. Is "Robbie7" any harder to guess? If you make users use the password "'28$x!/,^" then all the hacker needs to do is call the help desk and ask for a password reset, like all of your employees do once a week anyway.

    Forced complex passwords on cell phones are the best of all. Most likely the user will just jailbreak their phone to bypass your security entirely (thus ending up with less security than if they left the OS intact), but you probably still will manage to kill off somebody each year when they try to unlock their phone while driving.

    Meanwhile anybody in the building for any reason can just stick some little box on the network bypassing all your fancy perimeter security and harvest all kinds of data from all those proprietary enterprise applications that never get rigorous security audits. Academics probe the security of browsers and web-servers every day, but they tend not to test the software your janitorial department uses to track complaints about toilet cleaning, and a keylogger installed on the server that runs that will snag all kinds of credentials.

  16. Re:P2P crypto software on Security After the Death of Trust · · Score: 3, Insightful

    That is the real problem. If all I do is work from my desktop then I can just use kmail and its fairly strong gpg support and I'm done. The problem is that I use many operating systems, including ChromeOS, so I need Android clients, web-based clients, etc. I've yet to see anybody write a really good web-based email client, and even the IMAP options are very limited if you want to use tag-based email management (as in Gmail).

    I really don't want to use Gmail. Its identity management is broken on Android, it isn't good at threading, there is no way to use it with encryption, and it gives Google access to all my mail. The problem is that nobody has come up with an equivalent FOSS option. The best I can do is cobble together a bunch of stuff and still get an inferior product. I've yet to find a web-based MUA that handles keyboard shortcuts nearly as well as Gmail...

  17. Re:most people don't want to bother on Security After the Death of Trust · · Score: 2

    I understand how to do exactly everything you're asking your family to do, and yet I still trust all my email to Gmail.

    The reason is that it makes the data readily accessible. I'd like to read my email from arbitrary computers using only a web browser, and routinely read my email in this way so the client needs keyboard shortcuts/etc.

    Sure, I could set up squirrelmail or roundcube and use IMAP with some client on Android (and have done so in the past), but the software is very clunky. With gmail I can process each email I read with a single keystroke. With something like squirrelmail it takes several mouse clicks to archive a message.

    I'd really prefer using FOSS and encrypting everything, but it is a real pain unless you're almost exclusively reading your email via an X11 console. Even then the keyboard shortcuts often aren't as good as gmail, but at least you have drag-and-drop.

  18. Re:Chromebook on Ubuntu 13.10 Will Not Ship Mir By Default · · Score: 1

    Yeah, they really need to offer a cloud printer box or something. It would interface via USB/network/whatever to the printer, and would connect in to cloud print. Config would all be via the web - perhaps via Google's website (you plug in the device, it does dhcp and registers with Google, and then you log into google cloud print and register the device using its serial number or whatever). I have an Ecobee thermostat that was registered in a similar way - you just configure the thermostat itself enough to get it on the LAN, and then you can do most of the rest via their website.

    Only issue will be dealing with the myriad of driver issues, which is probably what is keeping Google away from it. However, at the very least they could support network-based PS printers, or a few other well-defined protocols. My current printer is postscript and it took all of about 3min to get it working on linux, and this is not on one of those super-desktop-friendly distros.

  19. Re:$3.6 Million Bitcoin Seized on Silk Road Shut Down, Founder Arrested, $3.6 Million Worth of Bitcoin Seized · · Score: 1

    Bitcoins can't be "redeemed" any more than cash can be redeemed.

    They can be traded, just like cash, baseball cards, and scrap metal. There are outfits that routinely trade bitcoin for cash, but there are also outfits that you can sell your gold to as well.

    They'll just put the bitcoin up for auction and it will sell for whatever it sells for - just like any other evidence sell-off. That isn't any kind of admission that they're a currency.

  20. Re:Economic Reasons on Central New York Nuclear Plants Struggle To Avoid Financial Meltdown · · Score: 1

    What exactly do you suggest they do?

    Stop billing themselves as "clean" until they figure out what to do with their hoarded mess.

    I never got why we don't just run breeder reactors.

    Oh, sure, I get it - they could be used to make nuclear bombs. So, just have the government run them and guard them with the military. It can't be more expensive than Yucca Mountain (it certainly is safer for future generations than burying waste), and it probably would be self-funding since you could sell the refined fuel.

    The nuclear waste problem is largely self-created.

  21. Re:Losing the battle on RMS On Why Free Software Is More Important Now Than Ever Before · · Score: 1

    Huh? My whole point is that I'd rather not be using Gmail, but there aren't any good alternatives.

    Every email I read travels through postfix before it gets to Gmail. If somebody had a decent tag-based FOSS email system that offered both a web client (with keyboard shortcuts for all common functions) and android client that supported offline use I'd switch in a heartbeat, especially if it supported gnupg.

    The best I can do now is courier-imap (which doesn't support tag-based folders), squirrelmail/roundcube (which don't have keyboard shortcuts), and an android imap client (most of which don't handle offline use well). Zimbra is somewhat useful but is a pain to host (it is practically a distro), still lacks keyboard shortcuts, and is proprietary if you want mobile clients.

    If I was happy using Gmail I wouldn't be looking for something free. It isn't like I love the idea of everybody else in the world reading my email (though even back when I wasn't using Gmail it wasn't like I could encrypt all my mail since nobody else supports this anyway).

  22. Re:Cool on FDA Approves Wearable "Artificial Pancreas" · · Score: 1

    What's even cheaper is eradicating the instances of lifestyle diabetes - which are all of those cases of diabetes that occur by personal choice.

    What choices are those? The choice to be hungry or not be hungry? The choice to be depressed or not be depressed?

    I think that the only way to actually eliminate the cases of diabetes that occur by "personal choice" without using some kind of drug-based solution is to lock people in cages and take away personal choice. You can regulate the weight of animals by putting them in individual cages with individual feeding schedules. If you made available to an animal the choices available to people, the animals would end up in the same shape our society is in. Choice is a bit of an illusion - choices are made by your brain, and your brain comes pre-programmed at birth for the most part when it comes to diet.

  23. Re:Losing the battle on RMS On Why Free Software Is More Important Now Than Ever Before · · Score: 1

    These projects were all presented on Slashdot, they are not small obscure stuff. Did you check them out? Did you use them?

    I've actually tried a bunch of the examples you mentioned (not every one of those areas is of interest to me). They just aren't comparable to the mature solutions out there. I can use Google Docs or Openoffice as a realistic replacement for MS Office for the things I do, but I've yet to find an FOSS solution that is web-based and comparable. GMail and Thunderbird are both more useful than Outlook for email, but I've yet to find an FOSS web-based email program that is comparable. I used to use squirrelmail but it is just way too inefficient - no keyboard shortcuts and so on. Also, I've yet to see anybody who implements a GMail-like workflow (tag-based email) with full offline capability in an email client for android, other than Gmail itself.

    I'd love to ditch stuff like Gmail - it is really frustrating to have a year's worth of releases and none of them work correctly with multiple identities, and yet they don't have a bug-tracker I can submit to. Chances are I'd have fixed it myself by now if it were FOSS.

    They were looking for money, did you help them?

    I'd be willing to donate or contribute to something that was a decent replacement for Gmail or Google Docs, but I've yet to see a project that even looks like it would be a good starting point.

  24. Re: at the mercy of the owners on RMS On Why Free Software Is More Important Now Than Ever Before · · Score: 1

    I understand where you're coming from - as I mentioned there are a variety of motivations for contributing to community-based projects. I'm more in the RMS crowd, but I understand the ESRs of the world. I think that what ought to transcend both is the sense that we should be appreciative of the nice toys that others give us for free.

  25. Re:So what makes this bad? on First Cases of Flesh-Eating Drug Emerge In the United States · · Score: 1

    The ingredient list includes gasoline, and this drug is injected.

    Just injecting tap water into your blood is very unsafe and could cause all manner of problems. I guess the gasoline is less likely to be loaded with bacteria, but that's because it destroys bacteria as easily as it destroys human tissues. Your cell membranes are composed of phospholipids, and I'm sure those are fairly soluble in gasoline - it would basically dissolve your tissues away.

    Cut up two pieces of raw steak. Place one in a jar of water, and the other in a jar of gasoline. The former will probably turn fuzzy in a few days, but will stay intact for weeks until it is consumed by fungi/etc. I'm guessing that the meat stored in gasoline will largely dissolve away into it.

    It is hard to manufacture solutions that can be safely injected into the blood, and even pharmaceutical companies run into quality problems. There is no way some guy cutting drugs in their kitchen can do it properly. Start throwing gasoline and such into the mix and it is amazing that people live more than 5 minutes after taking this stuff.