Slashdot Mirror


User: Antique+Geekmeister

Antique+Geekmeister's activity in the archive.

Stories
0
Comments
7,305
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,305

  1. Re:It's a trap! on Microsoft Claims Patent On Elements of Embedded Linux? · · Score: 1

    It encouraged the Novell/Microsoft patent cross-licensing. As good as Novell has been about the SCO insanity, it wasted resources they might have spent to for legal expenses of patent violations by Microsoft, and doubtless left them quite tired of wasting time and money in court.

  2. Re:Encryption can beat this, but shouldn't have to on AT&T Invests in Filtered Networking · · Score: 1

    Your logic is confused. For example, "free-to-air" radio doesn't exist and hasn't for many decades. It's heavily regulated in every major nation, to control political speech, to prevent interference with the limited available airwaves, or both You have to get a license, and you have to pay copyright fees on what you publish, or you lose your license very quickly.

  3. Re:Take it home. on Non-Compete Agreement Beyond Term of Employment? · · Score: 1

    From his own description, he knows he misled them. Modifying a document that someone else wrote, surreptitiously, and tricked them into signing it. That isn't caveat emptorL it's plain old fraud.

  4. Re:Ummm, parent is right. on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    1) Inadvertent or not, he spent 3 days running for cover instead of publishing the tool to help contain the damage. If he'd published the code anonymously, or called in his family connection with the head of the NSA to publish the code, it could have been contained far sooner and prevented days of rebuilding trashed systems worldwide. You don't get to say "oops, I didn't mean to start the fire" if you run away instead of ringing the fire alarm for 3 days.

    2) Hardly. He cost my workplace easily 5 workdays for 100 people, including data that had to be rebuilt from scartch because it hadn't been backed up yet. At 1988 salaries of, say, $20,000/year or $400/week for moderately skilled people, that's $40,000 right there. Multiply by the thousands of sites disabled, and the even greater number that were moderately inconvenienced, and it's many millions of dollars.

    3) He wrote it to spread without central control and with no expiration. That's not a wake-up call, that's just plain stupid.

    4) I don't understand your point here at all. They work for the administration. They also are supposed to obey the laws of Congress, accept the judgement of the federal courts, follow the Constitution, not violate the terriroty of other agencies, etc. The NSA has failed, quite publicly, at each of these, so I'm not sure where you're going with this.

    5) Well, I'm unsurprised by the presence of such a back door. I admit to not taking apart SELinux myself to find the booby traps (and I hope they're not so blatant as this one apparently was!)

    6) I'm afraid of seeing this happen. The Clipper Chips were an example of such an approach, since one of their primary planned uses was for cell phones. Instead, we've seen laws passed against monitoring cell phones, which just amuse me no end as leaving the gate wide open for exactly the illegal monitoring which the NSA has been engaged in for decades.

    I believe you. In some ways, I wish I wasn't as paranoid as I am, but I've been seeing too much justification for it, and this story reveals another reason to remain paranoid.

  5. Re:Encryption can beat this, but shouldn't have to on AT&T Invests in Filtered Networking · · Score: 1

    Nonsense. Go to any major media city (New York and LA come to mind) and look at how many hopeful dancers, writers, and actors are struggling to make ends meet to fulfill their dream, and how many of them are working day jobs of serious toil and poor wages to stay close to the auditions and the entertainment action. While many producers and directors and production companies may be grotesque thieves, there are still plenty of struggling artists who've taken big risks with their careers to participate in something they value: performing. Go to any open mike night, poetry reading, or cattle call for a musical to see exactly whom I'm talking about.

    Mind you, most of them are god-awful and don't have a prayer of ever making it even in a perfect world, but that doesn't mean such hopefuls aren't out there, or even some gifted ones for whome a few albums will make a difference to their career. Like a previous poster, I only download actual freeware, and backup copies of software or albums I bought that are burdened with DRM software I haven't bothered to defeat.

  6. Re:Sys Admins complain! News at 11! on IT's Love-Hate Relationship With Laptops · · Score: 1

    The paperwork of getting the warrantee money back from the manufacturer if you pull a stunt like that?

  7. Re:their list on IT's Love-Hate Relationship With Laptops · · Score: 1

    Unfortunately, the USBRS232 frobs are often extremely poor quality, with no hint of the actual chipset used or its capabilities. The result is that a demo may work in the store, but when you actually hook it to a serial device or try to operate it on a new operating system (such as Vista!), it fails miserably. I've had very poor success with them for the last five years. The unwillingness of manufacturers to print the chipset on the box is the worst of the problems with that.

  8. Re:Laptops on IT's Love-Hate Relationship With Laptops · · Score: 1

    This isn't true. I have a laptop in my bag that will not boot without the battery installed, even on line power. You can yank out the battery after it's booted safely, but you can't boot it.

  9. Re:Healthy Case of Paranoia on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    The desire to employ foreign cryptographers has good reasons other than the small pool of talent. It's also a very good way to keep track of foreign developments in the field, and to collaborate on tools to monitor political enemies of any type, whether they be "Communists", "terrorists", "freedom fighters", or "Buddhist Monks". It also makes trading information and research possible in ways that hiring only US cryptographers would not support.

    I have no idea why you think the risk of exposure is greater for someone abroad than someone whose CV says "employee of the NSA". There is a huge advantage of plausible deniability for the NSA itself: having an unrevealed hook into major international encryption standards is such a large benefit it seems well worth funding (or covertly providing research for) a foreign scholar.

  10. Re:Trust the Spies on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    And then remember the Clipper Chip, developed by the NSA and shot down because it turned out you could generate your own private keys to use on it (which completely broke the government's model of holding all the private keys itself). And oh yes, it turned out it violated a number of patents held by an MIT researcher, and seriously discredited Dorothy Denning for signing off on it. (Dorothy Denning is a cryptography professor who used to be taken seriously at Georgetown University: now she's working for the Navy.)

  11. Re:What part of "NSA Approved" don't you understan on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    No, SELinux isn't very broadly used because it breaks things at unpredictable times and has exceptionally poor documentation.

  12. Re:The answering machine on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    Watch that movie again. It was implied that the NSA already *had* the encryption algorithm, and were already using it. Otherwise they'd have strived much harder to make it work, and noticed the big chip missing out of the device. As it was, they didn't care that the algorithm was broken, as long as no one else had it.

  13. Re:The answering machine on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    No, they don't. The NSA has already been caught, repeatedly, doing wholesale monitoring of domestic communications. (See the EFF lawsuits over the fiber-optic taps at AT&T on the backbones of the Internet.) Widespread robust encryption of any sort will make their illegal monitoring far more difficult, and make their lawful monitoring more difficult as well as the technologies become more widespread.

    They seem to acknowledge that voters want some level of encryption protectoin. They cooperate to the minimum means necessary to satisfy the political requirements, but do their best to leave all communications accessible to them with minimum difficulty. Please, please, go back and look at the histor of the Clipper Chip for explanations of how this works, and how they're happy to have expensive but robust encryption that they have arbitrary and complete access to the keys for.

    Then turn around and look at not only this mess, but at the "Trusted Computing" initiative to put encryption technologies with master keys held by a central authority (Microsoft) to manipulate software authentication and upgrades, document authentication and verification, and a host of other fun uses. And you'll see why we shouldn't trust their motives or behavior.

  14. Re:Healthy Case of Paranoia on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    I see. So the NSA, that is specifically designed to monitor foreign communications, has no foreign cryptographers employed? Especially in Israel, an old collaborator in monitoring Mid-East communications and the source of some of the best cryptographers in the world?

    I'm not saying they poisoned other protocols this way, but it's certainly worth reviewing any new encryption protocol for such backdoors.

  15. Re:Ummm, parent is right. on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    And his son, Robert Tappan Morris, the idiot who wrote the Morris Worm, http://en.wikipedia.org/wiki/Robert_Tappan_Morris. It must be nice to be such a criminal and have your father keep you from spending a day in prison for destroying millions of dollars of data and shutting down core Internet services worldwide for days if not weeks while people cleaned up after it.

    Unfortunately, this is what happens when genius, or good tools, are used by incompetents. And that's exactly what we can expect from clever tools built by the NSA and used by their bosses, the Bush administration. So a backdoor built into such an encryption technology may be well-meant, but we shouldn't trust that it would be used well. The same issue exists for any encryption technology whose keys reside in "law envorcement" hands. This is part of what sank the old Clipper Chip encryption technology, especially when people worked out how to use their own, actually secure, keys.

  16. Re:Yeah right.... on AT&T Invests in Filtered Networking · · Score: 1

    Dig a well where I live and I'm afraid you'd hit a cesspool.

  17. Re:Sounds preposterous on AT&T Invests in Filtered Networking · · Score: 5, Interesting

    This is AT&T. They don't distinguish, they just give it all to the NSA, as demonstrated by the lawsuits filed by the EFF and the whisteleblower who revealed the taps on core fiber optic backbones.

    The NSA, now, has fairly good tools. There's a fascinating tool from a company called Sandstorm that re-assembles network traffic into its distinct streams and does quite a good job of re-assembling email and web transactions. Given a remote opportunity to do a man-in-the-middle SSL key replacement, or simply steal the SSL or SSH keys from the serving host (with or without a subpoena), such tools could doubtless do quite a good job of intercepting transmissions seamlessly. And innocent folks aren't bothered to go to that level of protection, such as using obscure languages or real one-time pads.

    Like the phone company's wilingness to tap phone conversations from the telephone offices, undetectably, because it's merely duplicating the digital bits and sending them to whomever they care to send them to, such monitoring constitutes a massive risk to the innocent for political and illegal monitoring. We see what such monitoring and related censorship does in China right now: we need to be extremely wary of it occurring here with such tools casually accepted.

  18. Re:solution on First Use of RIPA to Demand Encryption Keys · · Score: 1

    If I may ask, what city is your police force in? I'd like to applaud them for doing a good job. And do you know who trained them?

    Sadly, a small force with competent staff can often do vastly superior work to an entrenched and "policy" burdened national organization. We see the same thing in IT work constantly, where 5000 person companies cannot be burdened to move away from a broken piece of infrastructure such as a horrible password system or move from POP to IMAP email, and a small company can do it inside of a week.

  19. Re:Government-granted monopoly leads to no alt. IS on Comcast Sued Over P2P Blocking · · Score: 1

    I use Slashdot with an alias for good reasons, and don't wish to give out that level of detail.

    Or would you care to post your mother's maiden name, your credit card number, and your date of birth?

  20. Re:Oh Lots of fun on Backing Up Your Brain · · Score: 1

    No, no, let's pump and dump their stock. And pump and dump the stock of companies that do the actual research, as their funds wind up diverted into the nonsense.

  21. Re:Government-granted monopoly leads to no alt. IS on Comcast Sued Over P2P Blocking · · Score: 1

    Well, the one I'm using now does it. Some of the ISP's that Comcast bought up in their swath of purchasing 4 years ago did it.

  22. Re:Government-granted monopoly leads to no alt. IS on Comcast Sued Over P2P Blocking · · Score: 1

    I debugged some friends' and relatives' setups. It was certainly the case 4 years ago for at least some of their network. It's also common in PPP or PPPoE setups, that share an upstream IP address this way.

  23. Re:Government-granted monopoly leads to no alt. IS on Comcast Sued Over P2P Blocking · · Score: 1

    Then you don't get out much. I take it you've never used AOL as a primary ISP?

  24. Re:Some questions on Comcast Sued Over P2P Blocking · · Score: 1

    Look again. Comcast is not blocking the traffic. They are sending fake packets pretending to be from the user's computer, to disable the connections. That runs afoul of some fascinating federal fraud laws. They'd have a much better leg to stand on if they said "the P2P traffic is insanely excessive, we're going to throttle it" and did so. But they won't admit that they do this, despite the repeated verification with network monitoring tools that they do.

  25. Re:Government-granted monopoly leads to no alt. IS on Comcast Sued Over P2P Blocking · · Score: 1

    It's usually done to a specific office of a corporation. I've actually seen a store closed and its assets seized as part of a lawsuit, where the corporate headquarters refused to pay the fines they'd had levied against them.