Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. One time pad on paper. The real chilling part is the academic creativity in trying to talk about emerging issues found on networks.
    Is it bespoke and unique? Possible gov code, dont publish... never comment, is not a good way to secure local networks.
    Domestic hardware, software gov ready modifications that get left in or are not removable on export systems.

  2. Collect it all gets the end ip, start ip, content, context and historical play back.
    The "back door" is a US consumer grade OS's that allows bespoke key loggers crafted per user to get the plain text as a message is created (typed in) before any powerful new software can even encrypt.
    The real revolution over the past decades is the low cost to keep it all and then sort rather that just watching for keywords or new connections with known people of interest.

  3. Its really back to the 1950's with a collect it all digital layer. MI5,6, GCHQ collecting all, local government workers getting a look too.
    Academics been told what not to publish or talk about in public, UK maths and crypto education enjoying a nice chilling effect.
    A push down on brands to include a gov ready trap door, back door when needed.
    Exported software and hardware are collect it all ready by design.
    Re: "what steps do they take to enforce it?" will be what was always done to ensure every system sold and communications network was/is 5 eyes ready.
    A fancy new D-Notice https://en.wikipedia.org/wiki/... to warn academics away from looking too deep into any new issues???
    Tech publications will be like Eastern Europe in the 1950-80's... A red line and chat downs if comments on found gov code is published.
    Self-censorship sets in to avoid yet another gov visit.
    Nations with press and academic protections will pick up the readers and skill sets long term.

  4. Re:Accuracy 52% with 600 programmers and 8 samples on Coding Styles Survive Binary Compilation, Could Lead Investigators Back To Programmers (princeton.edu) · · Score: 1

    Nations can spend big on their clandestine campus study efforts and over the years can project any nations style they want.
    Did a nation embrace Basic? teach with Ada? early C? Pascal? Have decades of common business oriented language in academia, assembler language, academics who enjoyed lots of free "big iron" access?
    Like hires like, like learns from like.
    Or a large user group of newer Microsoft consumers that are self taught on PC's with newer programming ideas and lots of code reuse?
    With the efforts of the NSA, GCHQ that "kind" of code can then be found with a "correct", "expected" ip range, code style and time zone stamps with a few common terms, phrases, words for "trusted" security experts to stumble over and tell the tech, media about.
    The message can then be amplified by "independent" researchers and sock puppets ready to shape the origin nation conversations online.

  5. Re:The Entrapment Bot Cometh on On the Coming Chatbot Revolution (computerworld.com) · · Score: 1

    Very true. Did a person add the "chat bot" as a friend? Or try and just IM it over weeks, months... What phrases, terms, words got used.
    Fill a database count with too many terms and a real human reads the logs...

  6. Write a US AI history book on Ask Slashdot: How To Get Into Machine Learning? · · Score: 1

    Look back at what the US gov/mil was doing in the 1960's, 1970's with advanced digital databases and what it expected from big data sets and emerging AI funding.
    1980's 1990's with grants, funding, emerging private sector, academia. The onto the huge early data sets with internet search results been offered for sale.
    Follow the data, cash, science and projects. What was done, was expected, never worked, was never mentioned much in public again but got a lot of funding...
    Back over the decades that end up with papers like "The Role of Autonomy in DOD Systems" (2012). The funding to change the publics mind on robot, AI "ethics" so a nation can start winning hearts & minds to accept the role of AI controlled weapons systems.
    Follow the grants and consider a look back over US mil AI research.
    Day job is safe, few journalist or historians have the math or science to read deep into advanced papers without an expert "guide" who will then keep the subject away from risking their own gov/mil clearances.
    So a well educated, articulate book bringing together the past and future visions and uses of AI might be a project that fits in with a daily workload. When done, use social media, web 2.0, newspapers, get onto as much US talk radio as you can and get as many interviews in as you can.
    Use your understanding of grants, past work to create a vision of US AI research thats interesting to read about.

  7. As a 5 eye nation every packet in and out falls under "collect it all". US and UK collection is also no problem as Australian encryption is kept tame or as NSA ready US branded "standards" .
    At a gov level all contracts and bids have to be open to US contractors and brands under free trade deals.
    So its the perfect alignment of for profit interests, big gov and encryption but not too much good local encryption that would break 5 eye collect it all.
    The international issue is really the change of sim card to save huge roaming fees that changes the expected domestic phone.
    Why? Australia has very tight control over every sim in use domestically via a 100 point check https://en.wikipedia.org/wiki/... that has a list of photo id, state and federal id, utility bills, bank details that adds up to a mix of id needed to be allowed to get and use a sim.
    ie a domestic phone is trying to be part of a fancy national id card network thats been altered with an international sim card swap.

  8. Re:Do they want the drone intact? on Analyzing the US Air Force's New "Portable Hobby Drone Disruptors" Solicitation (vortex.com) · · Score: 1

    Infra red, sound like systems could track the set up of an autonomous drone. The real trick is if the "autonomous drone" part still needs landing and launch radio connections that can be detected.
    Sure the flight will be long range and autonomous but that consumer drone signal chatter to the owner might still be trackable at some point during the average flight.
    The only way around that would be a passive drone with zero communications as launched.
    The magic of the autonomous drones use is the police chat down on public land before, during or after drone use. A loud approach about all rights been invalid near the 'site" and that photo id must be produced and drone id often works well even with no stop and identify laws.
    The need for a federal drone id now will be the perfect way around the lack of clear stop and identify laws in many states :)
    The drone induces law enforcement contact on public land :)
    Mil or contractors might even drive out and try and do a public property "near" the site chat down hoping the person is confused about been on public land, their rights and the lack of any enforcement powers away from a mil site.
    Tracking drone use is as easy as tracking any human approach to/from a site on public land. In the past walking, staying on public land, constitutional rights and been in a state with fews stop and identify laws could allow drone use from public land. Federal drone id laws are the big change.
    ie drone tracking is just fancy new legal cover for decades of human tracking near any site :)

  9. Re:Do they want the drone intact? on Analyzing the US Air Force's New "Portable Hobby Drone Disruptors" Solicitation (vortex.com) · · Score: 1

    The main issue is the the emerging consumer drone range. The way the US mil combats that local issue is to buy up huge amounts of public or private land around a still in use mil site.
    No getting hi res consumer drone look down thats better than carrying a telescope like device up an open to the public hill or mountain range.
    Any still accessible tracks, paths end under a camera, have detection systems. Contractors and mercenaries are then used to patrol areas up to fence lines, point to trespass signs. Local law enforcement offers a direct chat down, drone ID demand, "suggests" a photo ID request to make it all ok and enjoy rights again.
    Signal detection when a drone is powered on is the key, then telco blocking to ensure no file is sent out, consumer frequency found to be in use locally gets swamped with a new powerful signal.
    The aspects the US mil has to get is a consumer protection no launch error, no file phone home, no sending a file out, induce a fly home error.
    The main aspect will be to surround a site with anti drone like jamming a bit like with pressure sensors. Too near and the advanced drone just returns to its start point if it even gets a signal thats its safe to be launched.

  10. Re:Security has not kept pace with technology on Man Arrested For Hacking 130 Celebrities (softpedia.com) · · Score: 1

    A lot of powerful propaganda and marketing goes into every generation of US product to ensure the world knows the service is "secure".
    Political leaders bemoan the lack of US police access. City, state and federal police agencies get a lot of press coverage about how their top experts can get into domestic consumer networks.
    News stories mostly cover how a warrant was used just to get an ip from social media.
    To the wider public that is a sign of good networking products.
    The vast amounts of parallel construction in the US and UK gets less media attention over the decades.

  11. Re:How can a group like this exist... on The Trials and Tribulations of America's Chief Internet Defender (dailydot.com) · · Score: 1

    Re 'pushes for backdoors?"
    Its the old hope that only the US mil will have the keys and skills.
    Then only trusted 5 eye nations. A few of the NATO third party nations need them too as they are so trusted, helpful and collect such great product.
    Top US federal law enforcement to help with parallel construction. Nations that work well with US federal law enforcement might get the product and be allowed to install the hardware, software under strict export controls locally ...
    Once mil grade trap doors and back doors get shipped as part of a product line, every national brand is tainted.
    So many staff members, teams, other mil forces, governments get to share, see the results of US instant "no encryption" that they all go looking for the same methods.
    Over time the 5 eye nations, third party nations in NATO, random friendly nations all "discover", re create or just buy the same trap door methods... ex staff and former staff then sell to the global market or have rouge teams, brands, NGO's using the same ideas and skill sets.
    The only way out is never to buy, import tainted brands. Fab, design, code domestically no matter the limitations or demands for trusted big brand back doored networking imports to be allowed back in.

  12. Crypto experts should have understood this from the 1920's on over every generation of telco and network as a standard given to "other" nations to connect with.
    Every generation has its crypto subverted by 5 eye nations due to location (global capture) and raw computing power to "collect it all".
    US network equipment designers had to fit in domestic production lines around what was Communications Assistance for Law Enforcement Act (CALEA).
    Every big brand device as exported, shipped, designed, upgraded, sold is trap door, back door ready.
    All other nations can do now is design domestically, build and code locally. Suffer the heat, cooling, power, cpu limits and know the domestic code their nation is using is now running on their own hardware. Get out of any import bids for upgrades with a security clause and start designing domestically.
    Allowing, demanding a nation to import any trap door, back door ready "export grade" hardware is really getting strange given all the public crypto news.

  13. Re: I'm about to solve the problem another way on Google Tests Signing Into Accounts Using Your Phone, No Password Required (venturebeat.com) · · Score: 0

    Getting nations cell phone related information gets the real person by default as the photo ID needed to register the phone network is recorded.
    Your handing your real buying, surfing, searching information over with after every log in linked to a real gov ID, phone network ID for free.

  14. If you need XP grade OS on the older hardware consider an 32bit non PAE linux options like http://www.bodhilinux.com/
    http://www.bodhilinux.com/w/se...

  15. Re:Why we need access to the *complete* set of cod on Cisco Systems Will Be Auditing Their Code For Backdoors (cisco.com) · · Score: 1

    Yes AC thats the only way to escape the NSA and its traditional, generational relationships deep into the US brands.
    Nations have to buy their own domestic products, code on them and then work out cpu power, cooling, power needs and their own software.
    Importing US installed trapdoors and backdoors over every generation of hardware and software is not going to help with any nations competitiveness or security.
    5 eye + nations get a look into any network by default as shipped is not the best way to do computing.

  16. Re:Community Defense on Juniper's Backdoor Password Disclosed, Likely Added In Late 2013 (rapid7.com) · · Score: 1

    Did the world community of experts find much per Snowden "live" on the internet? Huge amounts of data split domestically and internationally without comment, question or any understanding flowed into a few nations security services without much wider public understanding. 24/7 collect it all was just never noticed ...
    Lots of years old traces, code samples, some splitter locations for collect it all...
    If any top regional security experts get too near that nations security services take over.
    Recall Operation Socialist and later "military intelligence" helping. (2014/12/13/)
    https://theintercept.com/2014/...

  17. Re:Why do people even buy U.S hardware? on Juniper's Backdoor Password Disclosed, Likely Added In Late 2013 (rapid7.com) · · Score: 1

    Trade deals. The US sets up free trade deals or bilateral treaty that open entire nations to US goods and services. Very few nations can then say no due to their own security needs or national interest.
    The other method is huge amounts of contacts between US gov/mil staff and then the US corporations follow in with US products and services.
    Like buys like when a nations top political leaders mil and generals want what they saw in the USA. Standardization, friendships, generations of shared bases.
    The products then ship with trap doors, backdoors so the US gov always has access to its 'friends' globally.
    The only option is to fab as a nation and then deal with the power costs, heat, cooling, design and software to escape trap doors, backdoors as imported every generation.

  18. Re:Why is it connected to the public internet? on Hackers Have Infiltrated the US Power Grid's Control Networks (lasvegassun.com) · · Score: 1

    To totally get rid of union workers on different sites over a network or state, region, then only have a few computer experts looking over a wider network.
    The idea was sold as a way to remove low and mid level human workers and then just have a smaller count of needed, per law experts to look after huge networks. Different teams could then drive out as needed, when needed.
    The pro part for the shareholders is the reduction in union workers, cost savings and better understanding of faults.
    The down side is parts of the power network is connected to the public internet with well understood consumer grade computer operating systems patched for the working conditions, not network security.
    A rush for past profits reduced the useful, much needed on site human air gap.
    Now the no bid security upgrades can be pushed out after conversations with owners and critical infrastructure experts. Wonderful contracts for a limited number of trusted brands that are allowed to bid :)
    A new rush to fix a rust belt grid.

  19. Think back to on Should a Mars Colony Be Independent? (bbc.com) · · Score: 1

    The Roman empire - take it all.
    Treaty of Tordesillas https://en.wikipedia.org/wiki/... - who from Earth gets what and a nice map.
    East India Company https://en.wikipedia.org/wiki/...
    Congo Free State https://en.wikipedia.org/wiki/...
    Bantustan https://en.wikipedia.org/wiki/...
    The Antarctic territories https://en.wikipedia.org/wiki/...
    A high tech land rush with lesser nations from earth funding distant insurgency efforts.

  20. Re:Payload around 500 Kg on ISRO Launches Six Singaporean Satellites (thehindu.com) · · Score: 1

    Thanks for the news nojayuk :)
    India created a lot of skill sets by working on its own domestic production lines over decades. Over the years all the tech works and parts are ready and all work together well as designed. No stop start decades, mil only production lines, lack of funding that has caused so many complex issues in many other nations.
    India had the correct idea to plan, design, prototype, build and then production line its own complex systems over time. Thats the key: years of good funding, decades of staff skills, decades of design and quality domestic production.
    Indian Space Research Organisation
    http://www.isro.gov.in/about-i...
    "...we must be second to none in the application of advanced technologies to the real problems of man and society" Vikram Sarabhai

  21. Re:Don't buy USA, Don't use USA on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 1

    Nations will just do more in house, protect their own nations networks, tack on national interest clauses when offering once global tenders.
    Having all data hosted in another nation that shares data with another gov in direct competition by default is not best practice.
    Domestic brands and local staff will then get the wealth of their own nations spending regardless of staff skill, cpu costs, processing power, cooling costs.
    Any "cloud" product is now a huge security risk for any other nation's data sets.
    A rediscovery of halls full of loud, hot, slow secure servers at a local level in a lot of nations with lots of cleared staff to tend the slower equipment :)

  22. Re:Personal information is removed - read page 174 on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 1

    All the privacy protections got removed. Sharing of all data back with the US gov is the entire point. What use is a US gov portal deep into the US private sector with data missing, logs altered, randomized... timestamps or ip's removed or text strings redacted ?
    A protection might stay in place not to leak, talk about, keep in plain text, the data to a 3rd party and store in a correct way until the US gov needs the data.
    ie the data is kept safe for the US gov and not talked about or findable in any way online by a 3rd party.
    Having the US gov get the data and only the US gov is not a privacy protection its just a security clause to ensure "only" the US gov gets the personal domestic information.

  23. Re:Guys - chill on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 1

    Re "procedures that state that personal information not relevant to the break-in will need to be removed or destroyed from the information that is shared."
    "Senate Rejects All CISA Amendments Designed To Protect Privacy, Reiterating That It's A Surveillance Bill" (2015/10/27)
    https://www.techdirt.com/artic...
    "removal of personal information"
    "removed FOIA exemptions"
    ""tightened" the definition of cybersecurity threats"
    "more difficult for Congress to learn whether or not CISA is being used for domestic surveillance"
    All the privacy protection and time limitations laws got removed early on. Its a US gov working with the US private sector free for all. Collect it all, keep it all and presented to nice new gov portals. No real reasons needed, no court oversight, no questions back to the private sector, no questions about what the gov and mil will do with the data. Just a huge flow from the US private sector for the US gov to keep and sort.

  24. Re:VPN on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 1

    The problem with a VPN is that the US and UK security services have no problem with allowing them. ie discovery of the original ip does not pose any real technical challenge to most advanced nations (5 eye and friends).
    "No logs" becomes moot if the original network or provider ip leaks or is recoverable every session.
    With CISA entire private sector networks can become an part of "collect it all" portal for the US gov/mil at a telco or brand level.
    No more privacy protections, US court limitations, questions by lawyers, internal company legal oversight. Just another new server now splitting every network for the US gov 24/7.

  25. Re:Who should you trust? on 'Unauthorized Code' In Juniper Firewalls Could Decrypt VPN Traffic (arstechnica.com) · · Score: 1

    The typewriter is looking rather useful again :)
    Re: "I guess it's now a matter of who do we want listening in."
    Share a long paper book to a friend and have a one time pad system with all work done on paper before the encoded message is entered into any computer, network, system.