629 posts • joined 16 Jan 2011
Re: Helpful link
Another example of the internet healing itself, along with the probably (by the sequesters) unintended consequence of putting all the undesired links-to-be-forgotten in an easy to find and convenient place.
By all means, tie up Google and bring it down to the mediocre level of Yahoo! and Bing. That way all can suffer equally poor search results rather than being compelled to choose a provider. The obvious solution is to compel all DNS providers (at least in Europe) to randomly return an IP address for yahoo, bing, or google when the target is "google".
Re: Showing off your saucy selfies
We need not, however, depend on the NSA (or perhaps GCHQ) for politician selfies - see Wikipedia for Anthony Weiner, former US Congressman.
And why should we wish to use TrueCrypt, given the statement "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" on the truecrypt web site, along with the accompanying statement that development and maintenance have been discontinued?
Encryption is a useful tool, but using unmaintained products from anonymous producers (therefore of unknown trustworthiness) would not be my first choice.
The Constitution of 1787 provided in Article I Section IX, that "importation of such Persons as any of the States now existing shall think proper to admit, shall not be prohibited by the Congress prior to the Year one thousand eight hundred and eight" and allowed the Congress to impose an import tax of up to $10 for each such person.
That does not quite constitute abolishing slave importation in the Constitution, however much it may be a signal that the tide had begun to turn against the slave owners.
Re: I would laugh at this if it weren't so sad @ King of Foo
In addition to the British ending their part of the slave trade, in 1807, importation of slaves was banned in the US in 1808, the earliest possible time under the set of compromises that allowed acceptance of the Constitution. The fact of the compromises indicates that slavery was recognized, by many in America, as the abomination that it was a generation earlier.
Although it's a bit late for finger pointing, the English did, beginning in 1652, participate with some degree of enthusiasm in the transatlantic slave trade.
Re: Why am I not surprised by this?
"Posted anonymously because they 'know' and you probably work for them with an astroturfer's comment like what you posted."
Anonymous is pointless in this, as it probably is in all other forums. You are linked in the Reg database to your anonymous posts, as you will see if you review your past posts. And, as everyone knows, GCHQ has it if they want.
Posted with identity because they know anyhow and it makes me think before submitting.
Upvoted for offering a rational comment to a well-known and widespread problem.
"[B]roader cryptographic community are really just amateur wannabes" once was substantially correct. That is no longer the case. There are increasing numbers of competent cryptographers in academia and the private sector, although intelligence agencies like NSA and GCHQ almost certainly are among the best if not the best sources of cryptographic expertise.
Re: You can't have democracy...
Actually, it would make little or no difference, for at least two reasons.
First, the accuracy of any poll in which respondents select themselves is quite low to begin with, and any intervention by the various agencies is very unlikely to affect meaningful opinion measurements, as such polls usually do not produce any.
Second, polls - well-done or not - mostly reflect opinion. Evidence that the announced results drive opinion is somewhere between nonexistent and weak. There probably is a small effect at the margins, but not enough to matter much.
The most productive use for poll-fiddling might be to bend them toward results that show (a) a need for more agency funding and (b) that most of the people are not all that uncomfortable with agency activities. My guess, notwithstanding all the furor, is that (b) is not far from the truth anyhow.
Re: Why 128 bit AES not 256 bit?
I wonder if decrypting 256 bit AES would be faster than I can read the decrypted output; and also whether the time taken to encrypt really matters as long as it happens in less than minutes. And I wonder what the answers would be if the computer were restricted to an 8086.
Re: Yet more unconstitutional remedies to unconstitutional treatment
A fuller statement of the relevant part of the Fourteenth Amendment is this:
"No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws."
The amendment appears to constrain State, but not federal, laws. It is silent about whether federal law such as that proposed may apply differently to citizens and non-citizens. That does not mean CISA is a good idea; it is not. The Constitution permits a great many things that are not very bright.
Re: No cloud is still the best option
This post is, perhaps, correct in some sense but there are a few questions worth considering.
First, is there a reason to care whether an NSA (or CSEC, GCHQ, ASD, GCSB or, indeed, any other signals intelligence agency) would care about your business or would be in position to harm you or a business you operate? While that might seem too much like "if you have nothing to hide you have nothing to fear", it is part of the task of evaluating risk. In the US, illegally obtained evidence is likely to be excluded by a judge, and that would, possibly with additional legal arguments, probably extend to information obtained using warrants issued based on illegally obtained communication intelligence. The other Five Eyes nations, and most others we generally think of as democratic, probably are similar.
Second, is data you hold a target for criminals wishing to exploit it (Target, for instance), or competitors? For both questions, what is the probable cost in recovery efforts or lost business? Are there other risks to evaluate?
Third, will changing to a different provider or doing the work in house reduce exposure overall, and at what cost? What are the appropriate mitigations, such as link or disk encryption?
The answers will vary, depending on numerous details, but for most people, and most businesses, most of the time, action by one's own government is unlikely to be the most important risk. My own preference is to store all of my data on my equipment, on my premises, under my direct control; and except for google backup of my cell phone, which contains no data I think important, I do that. But I do it more to try to protect the personal credit and other personal financial information than to guard against the government (in my case, the FBI or NSA).
Re: If someone invented a device to extract kilowatts of electricity from the vacuum...
It is not entirely clear how the activity described is beneficial to the public. Public benefit would be maximized by fully disclosing the patent to everyone for immediate free use by anyone. Issue of the patent, as was recognized by the authors of the US Constitution, is a way of rewarding the clever inventor by allowing part of the public benefit to be converted to private benefit. The temporary monopolies that patents grant were thought to be undesirable, but offset by the public benefit of public disclosure that allowed others to extend and improve technology. That may be so in the case where the alternative is keeping trade secrets. In the case of enterprises whose sole or primary business is extracting monopoly rents using purchased patents (or even patents on its own inventions) it is very unlikely to be true.
No. "Work to rule" would be to deny every request and force the requester to go through the courts. Given that many of these requests would involve competing legal and other interests, that would be correct.
Re: Whither the mission creep?
Well, the NSA and its predecessor agencies have been doing pretty much what they are doing now, and sometimes more intrusively*, for about 75 years. Its Five Eyes associates, and signals intelligence agencies of other democratic nations such as France, Germany, Sweden, Israel, and others probably have been doing much the same for about the same period. Mission creep, if there were any, should be apparent by now.
* SHAMROCK and MINARET, for example.
Re: Re: they're a spy agency
"You want to spy, you spy legally."
You cannot mean this to be taken seriously. Depending on the point of view, NSA's activities are either legal (under US law, and subject to future determinations about legality and about the constitutionality of the enabling laws) or illegal (under the laws of the countries in which the targets are located). That is equally true, with obvious adjustments, for the comparable spying done by intelligence agencies of other nations.
Edward Snowden is not a traitor by the definition that counts: Article III, Section III of the Constitution. He broke rules, and may be honorable or not depending on one's opinion, but a traitor he is not.
Stupid grading scheme
You get a B for upvoting the Sensenbrenner-Massie-Lofgren amendment, which is a sop and won't inconvenience the NSA in any significant way.
One upvote for veti as well.
Re: Old Mainframe is "New" again?
While mainframe security is baked into the Authorized Program Facility for privileged programs, the primary factor in overall security is in System Authorization Facility exit to the add-ons that provide Mandatory Access Control. The MAC products are optional, and may be either from IBM (RACF) or others (Top Secret, ACF-2 being the primary ones), and are analogous to SELinux or, I think, Grsecurity or AppArmor. Linux with SELinux probably is on a par with a z12 and RACF for security purposes.
On the contrary ...
"This strange doctrine" now is supported by both statute and Supreme Court decision. The remaining part of the quote - "Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back" - is morally correct but has been overridden by the legislature and the courts.
Re: I was expecting this...
Aereo was, indeed, attempting to skirt the 1976 changes that imposed fees on cable company redistribution of broadcast material. The plan was reasonably clever, fairly persuasive, and at least one judge found it lawful. Now the Supreme court has found that under that law Aereo, like the cable operators, is required to pay broadcasters for the benefits they bring to the broadcasters in the way of improved signal availability and added features.
The proper correction is for consumers to interest their Senators and Representatives in correcting this and other obvious flaws in the copyright laws, by indicating to them that it will influence their vote in the next election. It almost certainly won't happen, though, as this is one of those cases where a great many people pay a small amount each (and so care little) for the large benefit of a few (who care much and are willing to lobby and litigate extensively to attain their goals).
Re: Supreme Court finds common sense again!
I would say that if you are being arrested there is no reason the police should not seize your phone or other storage device, but they should be required to obtain a warrant before looking at the contents. Otherwise, I see no reason for the large number of negative votes.
Re: In some ways ...
Incorrect to the extent that searching a portable storage device (one's "effects", perhaps?) should require a warrant whether it has technical protection or not, just as would be true of a residence. If the arresting officers think a phone is worthy of search, all they need do is remove the battery or drop it into a Faraday bag (or simply wrap it tightly in aluminum foil) and seek out a pliant judge. There will, of course, be exigent circumstances, but they should be rare exceptions to the rule.
Re: tom dial Creamy-G00dness AC pattern forming
Earning is a distinctly imperfect proxy for intelligence. Of the many reasons that individuals have different incomes, intelligence is one. Others include personal choice of occupation, education and its availability, obligations assumed, e. g., to care for spouse, siblings, or parents, various kinds of discrimination (favorable and unfavorable), ambition (or its lack), luck, and doubtless others.
And while the genetic component of intelligence appears to be rather high, IQ, which is the basis for most studies that reach this conclusion, does not by quite a ways measure everything we can reasonably think part of "intelligence".
The point about uncoolness of education is well taken, but over the first 20 or 30 years of adulthood might not correlate well with either intelligence or economic success.
Re: Snowden is neither a whistleblower or hero
In fact, most of the "revelations", at least those that bear on civil liberties both in and out of the US, were tolerably well known to those with any interest no later than 2006 or 2007. Many of the programs were known by name, and it was widely assumed that NSA's Utah data center had the purpose of storing "all" communications despite the manifest impossibility of that.
What Snowden did, like it or not, was arrange for mass media publication of this information, largely in the form of PowerPoint presentations that at best provided little information about the programs' structure and operation but generated and fanned a moral panic. It probably has not done great damage to national security, but certainly has enhanced general distrust of government motives and activities that already was substantial due to previous missteps dating back two or more decades.
Re: Creamy-G00dness AC pattern forming
Specific genetic disorders excepted, there is no real evidence that the less well-off whom you assume to be of below standard intelligence have children inherently less intelligent than the successful and well-off of whom you assume high intelligence.
And clearly worth another few downvotes for "Snowjob", "sheeple", and similar.
Re: What has changed since
There is no evidence of any consequence in the documents released either by Edward Snowden or later by the U. S. government that the NSA thinks it is above the law. Taken as a whole they reveal extensive surveillance programs, some of them applied to domestic communications, that in addition to being approved within by the agency's legal counsel were approved by the Department of Justice (and presumably, in general terms, by the President). The programs were held by the FISC to be lawful in most cases, and appear to have been terminated or modified when not. Program operation, including errors and excesses, were reported regularly to the DoJ and FISC.
In the search for bad guys we have tended to narrow the search rather too early and too much. To the extent there is a problem, it affects a major part of the Executive branch, a rotating and rather extensive group of Federal judges who serve on the FISC and its appeals court as additional duty. And that is before even considering the Legislative branch, which passed and re-passed the enabling laws. Whether they did so unknowingly, as some of the members now claim, is largely immaterial, although I respect them less, as such statements show rather clearly that they were insufficiently attentive to their proper duties.
Last, of course, are the voters who elected both the President and the legislators, mainly on the basis of largely hollow promises to distribute benefits to all. And the voters are the same, more or less, as those who cheerfully share their personal information with Google, Facebook, Bing, Yahoo, Twitter, and other social media sites.
Things may be different in the UK with GCHQ, but aside from relatively inconsequential details I rather doubt it.
FIPS 140-2 refers to validation of cryptographic modules. Unauthorized use of creds has nothing to do with cryptography, although how the creds were obtained might.
For what it's worth, the OpenSSL FIPS object module (OpenSSL was mentioned in the article, but only in speculation) has been FIPS 140 validated for several years (most recently on 12/20/2013) at 140-2, when built, deployed, and used according to a precise recipe. When I last looked, it was the only cryptographic module validated in the form of source code. One may reasonably conclude that (1) validation of cryptographic functions does not guarantee there are no bugs; and (2) cryptography is a necessary part of overall security, but far from a sufficient one.
In all likelihood, insider threats, whether malicious or accidental, still are the most likely to become problems.
Re: If that's really the case
The article said it was Heartbleed, but offered no evidence whatever, only a "purported" connection together with conjecture and a somewhat misleading description of the Heartbleed vulnerability. The source linked,
does not mention Heartbleed. The only indication of a connection between this event and the Heartbleed OpenSSL vulnerability appears to be "hart bled" in the text message pictured. So it is entirely appropriate to question how the access was made and how any necessary credentials might have been obtained.
All internet corporates - except those which actually are publishing the content someone found objectionable.
It is not clear why Google (or Bing, Yahoo, ...) should be in the position of adjudicating controversies about claims that indexed information (a) refers to the petitioner, (b) harms them unfairly, and (c) does not serve a public or comparably privileged private interest by virtue of its availability. They, all of them, should defer to the courts or relevant data commissioner.
Re: censoring stuff for China
No. Google* is not the U. S. government, and is not constitutionally constrained as to what it may choose to index, or not. The Constitution limits what the government may do, as, for instance, in telling Google* what it may not make available. Google* could censor in the U. S. pretty much whatever it chose.
On the other hand, Google has been sued, and various government actors in the EU have taken it to task for details in presentation that the plaintiffs considered "unfair" largely because their websites were displayed less prominently than they wished.
Upvoted for the main point, though.
* To be understood as "Google, Bing, Yahoo, DuckDuckGo and other less prominent search operators".
Re: ... and E) -- @Charles Manning
The main problem with this, of course, is that the NSA, with exceptions that are minor in relation to the overall programs it operates, is not breaking the law. It is a perfectly tenable position to argue that the law should be held unconstitutional, but it has not. It also is perfectly tenable to argue that even if the law is not held unconstitutional (and that appears possible) it should be changed to agree better with what we think the law should be, perhaps on the basis that the programs now in operation are unnecessarily intrusive and have not, after somewhere between 10 and 75 years, shown that they have benefits consistent with their costs. The Constitution limits what the government may do, but there is no requirement that the laws permit everything within those limits.
Re: ... and E)
There is no evidence at all for this claim. At the worst one might argue that the NSA is part of a conspiracy with, in addition, the Secretary of Defense, the Attorney General, quite a few federal judges, the intelligence committees of both the Senate and the House of Representatives, and a large number of military and civilian employees in the Executive and Legislative branches of the federal government. All of them are in it up to their necks, whatever "it" might actually be.
One reasonably certain thing about the DoD appropriation bill is that the President will sign whatever the Congress finally agrees on, whether it contains this amendment, a weaker/stronger version, or none at all.
Another fairly certain thing about it is that it won't get much in the way of anything anyone in the above conspiracy thinks essential, especially with the exceptions of paragraph b and the CALEA exception in paragraph d.
(The text can be found by searching H5544 in
My conclusion is that the numerous representatives voting for it probably in many cases had a pretty good idea of the state of government electronic surveillance, and should have if they did not, now sense it is unpopular and are currying favor with the voters back home. And the EFF and similar organizations are appropriately happy to have a little something to write up in their donation appeals.
OpenSSL may not be the only SSL implementation, but it is free (as in speech if not beer). Given the difficulty of getting cryptographic implementations right it might be better to concentrate resources on implementing and making secure a single free implementation, whether OpenSSL, LibreSSL, or another, than to have competing implementations, each insecure in its own ways.
Re: This will mean...
I think not. "Prices" associated with the goodies list will have been estimated to cover the full development and production cost over a rather small production run (go ahead, downvote, but these are mostly not mass produced items). The "purchases" will have been paid almost entirely with internal budget transfers - funny money - and billings adjusted at fiscal year end between managers to help them all stay within their piece of the DoD appropriation which, although secret as to its details, is set by the Congress and administered according to the same rules that apply to other agencies.
Re: Be careful what you wish for
From further on in the linked article:
"The Court must adapt to the reality of e-commerce with its potential for abuse by those who would take the property of others and sell it through the borderless electronic web of the internet. I conclude that an interim injunction should be granted compelling Google to block the defendants’ websites from Google’s search results worldwide. That order is necessary to preserve the Court’s process and to ensure that the defendants cannot continue to flout the Court’s orders."
Would it not be more sensible to require that the source of the "no longer relevant" data be compelled to restrict internet access to it? Would not the Google (and, one would assume, Yahoo, Bing, Duck Duck Go, and other index entries) then evaporate? Do the ECJ not have the stones to order something that might actually be a solution?
"[Data processors] have a duty to ensure that the data that they hold and process is accurate and up to date"
It does not seem that they were accused of failing to do that. The complaint appears to have been that they did, in fact, present an accurate and up to date extract of data found on La Vanguardia's web site describing the auction for back taxes of property owned by Mario Costeja González. The "problem" was not inaccuracy, but that it was old, and the subject didn't like it. The Spanish court, rather than take the sensible approach of ordering La Vanguardia to stop its continual republication or at least indicate to Google that it should not be indexed, instead ordered Google to make it less findable.
Re: "See, if we comply with your crazy order, you stupid judge - everything breaks."
Please do so, loudly and often.
Re: In other mildly related news:
I did not read into the summaries I saw that Google would have to "forget" things in the US that were ordered "forgotten" in the EC. They might do that, out of convenience, but my impression is that they do not have to. If the order was for world wide "forgetting" of "obsolete or no longer relevant" pages, it is as asinine as orders by US judges that purport to apply US law to internet activities outside the US.
The Arab Spring. Well, it hasn't worked out all that well for the Egyptians, Tunisians, or Syrians, to mention a few of the more populous countries, and the secondary fallout in places like Nigeria is unpleasant, to understate considerably. Havoc seems a reasonably appropriate description. The number of downvotes seems likely to be mainly a matter of giving the finger to the US.
Re: Lower CO2 emissions maybe
In my experience, admittedly a bit limited, only a tiny fraction of "progressives" are able to understand, let alone actually handle, mathematics above the elementary school level. Coupled with the inability of nearly everyone to analyze and evaluate risks rationally, that leads to idiotic actions such as the article describes.
"Edward Snowden is not important. The information is important." Most of the information has been publicly available, with somewhat less detail, for years, and the activities described have been going on in various forms since before World War II. Books and articles have been written and published describing them. Bulk communication collection at places like Menwith Hill and the potential tracking use of cell phones (mentioned in a later post) have been widely known for quite a while. Not much has happened.
So perhaps Edward Snowden actually is important. Perhaps, but the pace and degree of change underway suggest otherwise. "Reset the Net" might have an effect, but even with that skepticism is in order.
Re: So everything is alright then
In other words, "we have met the enemy and he is us." (Pogo, 1970)
Re: Typical. @Plump & Bleaty
Rudeness and name calling turn most people away from any valid points you might have made. Hence the down votes.
Re: "Orwellian" isn't an absolute
One of the article's points seems to have been that there is in the UK (and I would add, the US) what must be, to some, a fairly distressing lack of evidence that either government has attempted to emulate East Germany, let alone actually done so. That seems to be true also for the remaining Five Eyes, Germany, France, Sweden, and Israel, to mention some whose names have come up in a context of collecting telecommunications data.
All of these are stable democratic regimes with regular electoral options to change personnel in charge. They also have a comparatively free press to raise the alarm when the government steps out of bounds. The chance of anything like this uproar over government surveillance happening in East Germany would have been about zero, and I suspect it would not happen many other places today.
As one of the first posters noted, the risk seems not to be from present governments but from ones that might be installed in the future. In the countries named above, communication (and public video) surveillance or not, we voters will have ourselves to blame if that happens. It is well and good to talk of reforming the government's surveillance, although I haven't seen evidence that is likely to happen in the US, but it is a plain fact that a government intent on establishing a police state has little need for communication surveillance. As the East German experience demonstrates, it will not lack informants to provide it precise and timely information about dissidents.
Re: @RyokuMas It's not today's government you need to worry about...
In the US, law requires the government to offset the cost of satisfying its orders for production of customer data. That is not quite the same as the companies "stumbling over themselves to hand over our data in exchange for millions of pounds in cold, hard NSA/GCHQ cash."
The case in the UK might be different, but I would guess not.
Re: Humans > robots?
But if the future is similar to the past, there will be no money left for NASA from any "peace dividend". Between 105% and 110% will be allocated to visible things to induce votes for incumbents. Martians, if any, do not vote in US elections. NASA, its dependents, and its employees and their dependents are few enough and scattered enough to be given low priority.