Comments

Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services

IamTheRealMike Re:Under US Jurisdiction? (281 comments)

No but if you got a government request for your keys you'd know about it.

The government "request" would come in form of customised malware and you'd never even know you got hacked.

If google gets such a request you wouldn't know you were compromised.

You aren't gonna know, no matter what.

It isn't like they are sending l33t hackers to break in and get the data.

Schmidt isn't an idiot, despite how the press like to portray him via selective quoting (note that TFA does not provide much context for this quote). When he says Google is the safest place to put your data, he's probably comparing Google to other companies that provide similar services, not some hypothetical fully self hosted system - bearing in mind self hosting of email is rapidly going the way of the dodo even in business situations (it died for home email a long time ago).

Given that Yahoo still have not fully deployed SSL everywhere let alone encrypted their internal datacenter links, and if Microsoft have a similar effort they aren't talking about it, there's some evidence that he might be right. After all, if you get a government warrant for your data you're just as stuck as Google is: not much you can do about it. On the other hand, you are unlikely to secure your infrastructure as well as Google does.

5 days ago
Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services

IamTheRealMike Re:Under US Jurisdiction? (281 comments)

But Google makes money from targeted advertising

Google makes significant sums of dough from paying corporate customers who use Google Apps. These clients can switch off advertising if they like. These are also the places where some of the most sensitive data is stored.

So Google have both the financial means and incentive to solve the end to end crypto problem for such clients. The difficulty is not financial. It's technological. Matching even just the feature set of Gmail with end to end crypto is insanely hard, and that's before you hit the "everything is a web app" problem.

5 days ago
Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services

IamTheRealMike Re:Under US Jurisdiction? (281 comments)

The point of forward secrecy is there are no such keys to seize. The "master keys" are only used for identification, not encryption. So whilst a gov could theoretically seize Google's keys, this does not help them decrypt wire traffic. They'd have to do a large MITM attack, and to get everything? They'd have to decrypt and forward ALL Google's traffic. Not feasible.

Good use of applied cryptography means that realistically the only way for a government to get data out of it means requesting it specifically from the providers. In places where the warrant system has been vapourised (which certainly includes the USA and UK), this might not seem like much, but it does help prevent fishing expeditions.

5 days ago
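
The split the comment above describes, between a long-term key used only for identification and per-session keys that are thrown away, shown as an added Go example that is not part of the original comment. The message format and function names are constructed for illustration, it is a minimal signed X25519 exchange rather than the TLS handshake itself, and it assumes Go 1.20 or later for `crypto/ecdh`.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerHello is the server's handshake reply (constructed format, not TLS).
type ServerHello struct {
	EphPub []byte // X25519 public key generated for this session only
	Sig    []byte // identity-key signature over clientPub || EphPub
}

// NewIdentityKey creates the long-term "master" key. It signs; it never encrypts.
func NewIdentityKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewClientEphemeral creates the client's throwaway key for one session.
func NewClientEphemeral() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// sessionKey hashes the ECDH output with both ephemeral public keys.
// The identity key is not an input, so seizing it later reveals nothing here.
func sessionKey(shared, clientPub, serverPub []byte) [32]byte {
	return sha256.Sum256(bytes.Join([][]byte{shared, clientPub, serverPub}, nil))
}

// ServerHandshake answers one client; its ephemeral private key is never stored.
func ServerHandshake(idPriv ed25519.PrivateKey, clientPub []byte) (ServerHello, [32]byte, error) {
	var none [32]byte
	peer, err := ecdh.X25519().NewPublicKey(clientPub)
	if err != nil {
		return ServerHello{}, none, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return ServerHello{}, none, err
	}
	shared, err := eph.ECDH(peer)
	if err != nil {
		return ServerHello{}, none, err
	}
	pub := eph.PublicKey().Bytes()
	sig := ed25519.Sign(idPriv, bytes.Join([][]byte{clientPub, pub}, nil))
	return ServerHello{EphPub: pub, Sig: sig}, sessionKey(shared, clientPub, pub), nil
}

// ClientFinish checks the identity signature, then derives the same session key.
func ClientFinish(idPub ed25519.PublicKey, eph *ecdh.PrivateKey, hello ServerHello) ([32]byte, error) {
	var none [32]byte
	clientPub := eph.PublicKey().Bytes()
	if !ed25519.Verify(idPub, bytes.Join([][]byte{clientPub, hello.EphPub}, nil), hello.Sig) {
		return none, errors.New("ephemeral key is not signed by the server identity")
	}
	peer, err := ecdh.X25519().NewPublicKey(hello.EphPub)
	if err != nil {
		return none, err
	}
	shared, err := eph.ECDH(peer)
	if err != nil {
		return none, err
	}
	return sessionKey(shared, clientPub, hello.EphPub), nil
}

// RunSession performs one full handshake with fresh ephemeral keys on both sides
// and returns the key each side derived.
func RunSession(idPub ed25519.PublicKey, idPriv ed25519.PrivateKey) (client, server [32]byte, err error) {
	eph, err := NewClientEphemeral()
	if err != nil {
		return client, server, err
	}
	hello, server, err := ServerHandshake(idPriv, eph.PublicKey().Bytes())
	if err != nil {
		return client, server, err
	}
	client, err = ClientFinish(idPub, eph, hello)
	return client, server, err
}

func main() {
	idPub, idPriv, err := NewIdentityKey()
	if err != nil {
		panic(err)
	}
	for i := 1; i <= 2; i++ {
		c, s, err := RunSession(idPub, idPriv)
		fmt.Printf("session %d: keys agree=%v key=%x err=%v\n", i, c == s, c[:8], err)
	}
}
```

Each run prints a different session key under the same identity key, which is why a recorded session cannot be decrypted later with the identity key alone.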
Fraud Bots Cost Advertisers $6 Billion

IamTheRealMike Re:Not sure who to cheer for (190 comments)

Thus spake sexconker, on advertising-supported Slashdot, which he has been reading and posting to for five years.

about two weeks ago
New Destover Malware Signed By Stolen Sony Certificate

IamTheRealMike Re:Here come the certificate flaw deniers....... (80 comments)

In practice, a certificate is nothing more than a long password

Fail. A certificate contains a public key. This is nothing like a password. You're thinking of a private key. The whole point of a certificate is that you can prove your identity to someone without sending them your password.

Unlike the password in somebody's head or even on a sticky note behind the monitor, these certificate files can often be stolen remotely!

Double fail. Firstly, nobody actually steals certificates. Certificates are public. When someone says something was signed with a "stolen cert", what they actually mean is "stolen private key the public part of which is contained in a certificate signed by a trusted third party", but that's a mouthful, so we simplify and say "stolen cert".

Secondly, private keys can and absolutely should be protected with a password! Or they can be kept in special hardware. However, as you may have noticed, Sony got pwned pretty hard so presumably whatever private key was stolen either had no password, or they were able to just keylog the password when it was used.

These people are a joke.

The joke is on you ..... certificates are not a replacement for passwords and if you think they are, you didn't understand what they're used for.

about two weeks ago
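
The distinction drawn in the comment above, as an added Go example that is not code from the original post: a certificate carries only a public key, and the key holder proves identity by signing a fresh challenge instead of sending a secret. The function names and the subject name are constructed, and the certificate is self-signed, so the CA chain validation a real verifier performs is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewIdentity returns a private key and a self-signed certificate (DER) for it.
// Only the certificate is meant to be handed out.
func NewIdentity(name string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// NewChallenge is run by the verifier: a fresh random nonce per attempt.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Respond is run by the key holder. Only the signature leaves this function;
// the private key itself is never transmitted.
func Respond(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifyResponse is run by anyone holding the public certificate. It returns
// the certificate's subject name if the signature matches the nonce.
func VerifyResponse(certDER, nonce, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("certificate does not hold an ECDSA public key")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("signature does not match the certificate's public key")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	key, cert, err := NewIdentity("Example Signer") // constructed sample name
	if err != nil {
		panic(err)
	}
	nonce, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	sig, err := Respond(key, nonce)
	if err != nil {
		panic(err)
	}
	who, err := VerifyResponse(cert, nonce, sig)
	fmt.Println("verified as:", who, "error:", err)
}
```

A response captured for one nonce fails against the next nonce, and a party holding only the certificate cannot produce a valid response, which is where the password analogy breaks down.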
Uber Banned In Delhi After Taxi Driver Accused of Rape

IamTheRealMike Re:Culpability? (180 comments)

More news (seems this story is unfolding right now) - apparently the driver did NOT have a prior conviction for rape at all, but in fact had only been arrested due to an accusation. So it seems that the first possibility was the correct one, and there's really nothing that could have been done here (unless you believe anyone should be able to ban anyone else from being a taxi driver for life with nothing more than an accusation).

about two weeks ago
Uber Banned In Delhi After Taxi Driver Accused of Rape

IamTheRealMike Re:Culpability? (180 comments)

If that is the case, and the guy came up clean but yet still went on to do X, how is Uber any more culpable than a taxi company hiring a cabbie with no record, who subsequently goes out and does X, or a tour company hiring a bus driver with a spotless background, who nonetheless does X?

They aren't. But it seems like there's a new trend in town - when a foreign tech company could potentially have guessed that someone using their service might potentially have done something bad, they're automatically at fault. See: Facebook and Lee Rigby in the UK.

In this case, the logic seems fairly simple - the guy apparently had a prior conviction for rape, thus, should not be allowed to be a taxi driver. If Uber had checked then the rape wouldn't have happened (assuming it did). The problem is the guy's prior conviction was also for raping someone in a taxi cab, so obviously this isn't a solution to all such problems because there's always a first time. Another problem is that I've read India doesn't actually have a national conviction database system, indeed they barely have a coherent national identity scheme at all (I remember reading about programmes to try and introduce biometric identity nationwide to fix this but it's a huge job). Apparently the way you do a background check is walking in to the local police district office and asking. If the crime happened elsewhere, tough luck. For anyone who knows the real situation in India, I'd be interested to know if this is true.

Anyway, even with reliable background checks, you can quickly end up in a situation like the USA where former felons cannot get jobs anywhere (see recent /. story about this problem), and then you get rules like in Europe where former convictions get wiped from the record after a few years to stop that happening, so there are no solutions that make everyone happy.

about two weeks ago
How the Rollout of 5G Will Change Everything

IamTheRealMike Re:Who cares (216 comments)

you think they put in the caps because they don't have enough bandwidth coming from their towers? you, sir, are sadly mistaken. they do it for one reason. PROFIT.

Do you think radio spectrum is an infinite resource?

Mobile networks absolutely have capacity constraints, often very complicated ones that exist in multiple dimensions or vary by region. But that'd be too complicated for people to deal with, so we end up with an approximation of 1 or 2 GB/month. Which by the way is very standard across the developed world. In Switzerland most carriers are also providing this sort of quota and there are several competing, with a new (UPC) just entering the market now. They are all doing roughly the same thing, although I'm sure they could hoover up customers by offering a lot more bandwidth for the same price. For what most users are doing on the move 1G is currently enough and giving everyone lots more quota would simply result in a small number of people doing craploads of torrenting or downloading multi-gigabyte operating system updates over the air instead of over wires.

You can sum up this situation as "PROFIT!!!1!" if you like, but in reality the market is just optimising for resource usage - building more towers and more backhaul and more core routing capacity so a tiny number of users can chew up 10 GB/month instead of 1 GB/month is just not a good use of limited resources.

Still, bandwidth quotas have gone up over time as technology improved. Remember the days when 3G was new? I wrote a J2ME app back then and we counted every last byte.

about three weeks ago
Google Told To Expand Right To Be Forgotten

IamTheRealMike Re:This is clearly futile... (193 comments)

If there was a public blacklist, then it'd be easy to build a search engine specifically for blocked content that ran outside the EU, and thus the entire scheme would work even less well than it already does.

What the EU court has set in motion here leads, eventually, to either a Great Firewall of Europe, or the EU getting to perform global censorship against everyone. Neither outcome seems plausible, so, what next?

about three weeks ago
Google Told To Expand Right To Be Forgotten

IamTheRealMike Re:This is clearly futile... (193 comments)

What's going through their mind is this - we are politicians and regulators. We are in charge. If our power is being challenged by a corporation, we need to slap them down as hard as possible, as fast as possible, so we remain the top dogs. We are not concerned with minor technical details that boffins like to witter about: we are the Democratic Representatives of The People and that means we must be obeyed!

The way this stupid "right" will play out was clear from the first moment the ruling was made. Lots of people with things to hide will try and get their misdeeds erased (check). Google will try and keep its results as uncensored as possible (check). EU will get pissed off that circumvention is easy and try to force them to perform global censorship (check). IP address based filtering will be implemented (not yet). Then people in America set up dedicated proxy sites so people in Europe can search uncensored (not yet). Then the EU will get mad and tell Google to drop the results from all search results, everywhere (not quite yet). And then there's going to be a big fucking showdown and we'll learn who needs who more. Or perhaps the UK will beat the EU to it with their parliament's retarded "Facebook should implement Minority Report" policies.

Whatever happens, it's looking more and more like there's going to be a big fight, either over this or spying, or both. Politicians are running scared because they suspect when forced to make the choice, a significant number of their citizens would side with Google/Facebook/WhatsApp/Apple over them .... and if you're a politician, that attacks the core of your power and identity. They won't be able to tolerate that.

about three weeks ago
Revisiting Open Source Social Networking Alternatives

IamTheRealMike Killer features? (88 comments)

Here's the tricky thing about privacy and social networks: Facebook's privacy support is actually pretty good. Whilst people might tell you in the abstract that they want more privacy from Facebook, figuring out what they would change in concrete terms is very hard. For example, they might say "I don't want to see ads" - but given the choice, they don't want to pay for anything either. So this feedback ends up being pretty useless, equivalent to hearing "I want everything and a pony". It's not a basis for a product.

Google learned this one the hard way with Google+. The original way Google+ tried to differentiate itself from Facebook was with circles. The idea is, Facebook's relatively singular notion of "friend" doesn't reflect the way real people work, this means it doesn't respect people's privacy and so people use the product less .... therefore by giving them better tools, they'd win a lot of users. Facebook responded that they'd tried the same thing, it turns out people don't like making lists of friends and controlling their sharing at a fine grained level, so it wouldn't work. And guess what? Facebook were right. Sure, you interview people in focus groups and they say one thing. In reality they might do something else.

So - decentralised open source social networks. Not gonna work. People might sound enthusiastic when you pitch it to them in the abstract, but actually Facebook works fine for them, and the kind of privacy that matters to them (can people see who views their profile?! Can my parents see my drunken party pics?) is already well supported and tuned.

Ultimately what will do off Facebook, eventually, is a change in how people use social networking that for whatever reason they cannot replicate in their main product.

about three weeks ago
Cameron Accuses Internet Companies Of Giving Terrorists Safe Haven

IamTheRealMike Re:And this is why... (183 comments)

I think you know this but sometimes it's a bit hard to read tone on the internet.

HSBC processed transactions for Iran in Europe, at a time when the USA had not successfully forced Iranian sanctions onto the EU and thus they were entirely legal.

The USA did not like this one bit, because Congress had a 'fuck Iran at any cost' mentality that extended to trying to make US sanctions global. And one way they did that is by prosecuting or threatening to prosecute American employees of international banks for transactions entirely legal in both the source and destination locations. It's just empire, nothing more.

about three weeks ago
Book Review: Bulletproof SSL and TLS

IamTheRealMike Re:It's not only SSL/TLS (92 comments)

That's not "lack of diligence", that's a fundamental bootstrapping problem. CAs are meant to verify identities. If the identity you are trying to verify is not itself cryptographically verifiable, then the attempt to verify can be tampered with, but the only way to solve that is to use harder to verify identities. Which is what EV certs do, and my own experience of getting one was pretty smooth.

about a month ago
Book Review: Bulletproof SSL and TLS

IamTheRealMike Re:It's an encryption layer (92 comments)

You might think I'm exaggerating, but even major corporations fuck this up all of the time. There is no "just choose sensible defaults and give me a secure socket" call, because if there were someone would complain that it's not secure and shouldn't be used.

Sure there is. Perhaps not in C but what did you expect? Here we go in Java:


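// imports: java.net.URL, javax.net.ssl.HttpsURLConnection, java.security.cert.Certificate, java.io.InputStream
HttpsURLConnection conn = (HttpsURLConnection) new URL("https://www.google.com/").openConnection();
conn.connect(); // complete the TLS handshake; getServerCertificates() throws IllegalStateException before the connection is established
Certificate[] certs = conn.getServerCertificates(); // chain already validated by the default trust manager
InputStream stream = conn.getInputStream(); // read stream here ....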

That'll do the right thing by default.

SSL is imperfect, but that's because crypto is hard, not because of some fundamental fuckup somewhere and if only we all used the alternative protocols (which?) everything would be peachy.

about a month ago
Google Chrome Will Block All NPAPI Plugins By Default In January

IamTheRealMike Re:Which 6? (107 comments)

Yes, but exploited browser rendering engines have been a large source of infections too. Sandboxing mobile code is just really hard. However the web is indispensable whereas Java applets aren't, so Java is the one that gets thrown out.

I suspect there isn't any way to build support for Java applets that satisfies Google's policies, therefore, they will end up being restricted to other browsers for the small number of people who need them (mostly enterprise apps).

These days the Java sandbox is actually a lot better than it used to be. Last I heard there had been no zero days this year at all. However, the Java update story still sucks, and Sun/Oracle have made Java supremely unpopular on Windows thanks to the crappy update nags and bundled adware. So nobody will be sad to see it go. Java is moving to JRE bundling for distributed apps anyway: I've written one with the new tools and it basically works like a regular desktop app, with a native installer / package on each major platform.

about a month ago
Judge Unseals 500+ Stingray Records

IamTheRealMike Re:Police legal authority (165 comments)

I know, the stingray is essentially a hacking tool. That makes you think though, why on earth is there a large wireless network carrying sensitive data without TLS (transport layer security), or encryption between the modem on the phone, and the carrier? Either the contents are not sensitive, or the carriers / cell phone manufacturers are complicit or worse.. incompetent.

GSM dates to 1987. When it was created, the previous mobile telephony standard was analogue - you could listen in on calls just with a regular radio. There was a very small amount of digital signalling to the network, but the field of commercial crypto hardly existed back then and subscriber cloning/piracy was rampant. GSM introduced call encryption and authentication of the handset using (for the time) strong cryptographic techniques. It was very advanced. But it didn't involve authentication of the cell tower to the handset, partly for cost and complexity reasons and partly because a GSM base station involved enormous piles of very expensive, complex equipment that had to be sited and configured by trained engineers. The idea of a local police department owning a portable, unlicensed tower emulator was unthinkable, as the technology to do it didn't exist, and besides .... trust in institutions has fallen over time. Back then it probably didn't seem very likely police would do this because they could always just get a warrant or court order to turn over data instead.

When 3G was standardised, this flaw in the protocol was fixed. UMTS+ all require the tower to prove to the handset that it's actually owned by the network. Little is publicly known about how exactly Stingray devices work but it seems likely that it involves jamming 3G frequencies in the area to force handsets to fall back to GSM, which allows tower emulation.

The latest rumours are that the company that makes Stingrays has somehow found a way to build a version that works on 3G+ networks too called "Hailstorm", but it's dramatically more expensive and as mobile networks phase out GSM in the coming years police departments are having to pay large sums of money to upgrade. The whole thing is covered in enormous secrecy of course so it's unknown how Hailstorm devices are able to beat the tower authentication protocol. Presumably the device is either exploiting baseband bugs, or is using stolen/hacked/court-order extracted network keys, or it was built in cooperation with the mobile networks, or there are cryptographic weaknesses in the protocols themselves.

about a month ago
WhatsApp To Offer End-to-End Encryption

IamTheRealMike Re:FBI Director James Comey may not care. (93 comments)

it's all, once again, a lot of buzzwords, and zero security.

That's a bit unfair. Yes, any security system that tries to be entirely transparent cannot really be end to end secure, but nobody has ever built a mainstream, successful deployment of end to end encryption that lets you use a service even if you don't trust it. There are many difficult problems to solve here. Forward secure end to end encryption behind the scenes is clearly an important stepping stone, and OWS has said they will expose things like key verification in future updates. Just because they haven't done everything all at once, and solved every hard problem, does not mean it's just a lot of buzzwords.

about 1 month ago
Republicans Block Latest Attempt At Curbing NSA Power

IamTheRealMike Re:Beware the T E R R O R I S T S !! (445 comments)

You're willing to sit on the sidelines while ISIS engages in a campaign of genocide and ethnic/religious cleansing? ...... They're barbarians and they need to be terminated with extreme prejudice.

You're against ethnic/religious cleansing but want to "terminate with extreme prejudice" an entire very large group of people largely defined along ethnic and religious lines .........

words fail me

about a month ago
Republicans Block Latest Attempt At Curbing NSA Power

IamTheRealMike Re:So basically (445 comments)

If the entire government became Libertarian today, it would take less than 10 years for corporations to take total control of governance and we'd have just as much (or probably more) squashing of individual liberties, but no longer any accountability to voters.

Isn't that a contradiction? I'd think a libertarian government would not want anyone, owners of large corporations included, to take over governance. That's kind of the definition of libertarianism, I thought.

Additionally, I'm having a hard time recalling the last occasion on which a company squashed my civil liberties. Actually I don't think it ever happened. Companies, even big ones, are typically very simple creatures compared to governments - they have simple needs and simple desires. Even companies that can't be easily reduced down to the profit motive (most obviously Google in this day and age) still have quite simple motivations, in their case "build sci fi stuff".

On the other hand, our awesome western governments routinely kill people for merely being in the wrong place at the wrong time or receiving a text message from the "wrong" person (see: signature driven drone strikes).

Whilst these governments aren't quite at the stage of drone striking people who are physically in western countries yet, they certainly are willing to do lots of other nasty things, as residents of gitmo will attest. So given a choice between a government that did very little and mostly let corporations get on with it, or the current state of affairs, it's pretty hard to choose the current state of affairs given the very very low likelihood of companies deciding to nuke people out of existence of their own accord.

There are many powerful players in society and I'm not one of them. Does it make me a crony capitalist or a welfare queen when I decide I'd rather the power go to those I can vote out of office than those I can't?

No, it doesn't make you either of those things. It does mean you have a lot more faith in voting than other people do. This can be described as either very reasonable or perhaps naive, depending on where you live. E.g. in places like America or the UK voting is driven almost entirely by the economy and matters of foreign policy or the justice system have no impact on elections, politicians know that so they do more or less whatever they like. In places like Switzerland where there are referendums four times a year, preferring voting power to market power would make a lot more sense.

about a month ago

Submissions

China performing SSL MITM attacks on iCloud

IamTheRealMike writes | about 2 months ago

IamTheRealMike (537420) writes "Anti-censorship blog GreatFire has published a story claiming that SSL connections from inside China to Apple iCloud are being subject to a man in the middle attack, using a self signed certificate. Apple has published a knowledge base article stating that the attacks are indeed occurring, with example screenshots of the SSL cert error screens used by popular Mac browsers. Unfortunately, in China at least one natively produced browser called Qihoo markets itself as "secure", but does not show any certificate errors when presented with the self signed cert. Is this the next step towards China doing systematic SSL MITM attacks, thus forcing their population onto Chinese browsers that allow the surveillance and censorship to occur?"

Fake PGP keys for crypto developers found

IamTheRealMike writes | about 9 months ago

IamTheRealMike (537420) writes "In recent months fake PGP keys have been found for at least two developers on well known crypto projects: Erinn Clark, a Tor developer and Gavin Andresen, the maintainer of Bitcoin. In both cases these PGP keys are used to sign the downloads for popular pieces of crypto software. PGP keys are supposed to be verified through the web of trust, but in practice it's very hard to find a trust path between two strangers on the internet: one reply to Erinn's mail stated that despite there being 30 signatures on her key, he couldn't find any trust paths to her. It's also very unclear whether anyone would notice a key substitution attack like this. This leaves three questions: who is doing this, why, and what can be done about it? An obvious candidate would be intelligence agencies, who may be trying to serve certain people with backdoored binaries via their QUANTUMTHEORY man-in-the-middle system. As to what can be done about it, switching from PGP to X.509 code signing would be an obvious candidate. Both Mac and Windows support it, obtaining a forged certificate is much harder than simply uploading a fake PGP key, and whilst X.509 certs can be issued in secret until Google's Certificate Transparency system is fully deployed, finding one would be strong evidence that an issuing CA had been compromised: something that seems plausible but for which we currently lack any evidence. Additionally, bad certificates can be revoked when found whereas beyond making blog posts, not much can be done about the fake PGP keys."

No back door in TrueCrypt

IamTheRealMike writes | about a year ago

IamTheRealMike (537420) writes "Previously on Slashdot, we learned that the popular TrueCrypt disk encryption tool had mysterious origins and security researchers were raising money to audit it, in particular, to verify that the Windows binaries matched the source. But a part of the job just became a lot easier, because Xavier de Carné de Carnavalet, a masters student at Concordia University in Canada has successfully reproduced the binaries produced by the TrueCrypt team from their public sources. He had to install exactly the same compiler toolchain used by the original developers, to the extent of matching the right set of security updates issued by Microsoft. Once he did that, compiling the binary and examining the handful of differences in a binary diffing tool revealed that the executables matched precisely beyond a handful of build timestamps. If there's a backdoor in TrueCrypt, it must therefore be in the source code itself — where hiding it would be a significantly harder proposition. It thus seems likely that TrueCrypt is sound."

Are the NIST standard elliptic curves back-doored?

IamTheRealMike writes | about a year ago

IamTheRealMike (537420) writes "In the wake of Bruce Schneier's statements that he no longer trusts the constants selected for elliptic curve cryptography, people have started trying to reproduce the process that led to those constants being selected ... and found it cannot be done. As background, the most basic standard elliptic curves used for digital signatures and other cryptography are called the SEC random curves (SEC is "Standards for Efficient Cryptography"), a good example being secp256r1. The random numbers in these curve parameters were supposed to be selected via a "verifiably random" process (output of SHA1 on some seed), which is a reasonable way to obtain a nothing up my sleeve number if the input to the hash function is trustworthy, like a small counter or the digits of PI. Unfortunately it turns out the actual inputs used were opaque 256 bit numbers, chosen ad-hoc with no justifications provided. Worse, the curve parameters for SEC were generated by head of elliptic curve research at the NSA — opening the possibility that they were found via a brute force search for a publicly unknown class of weak curves. Although no attack against the selected values is currently known, it's common practice to never use unexplainable magic numbers in cryptography standards, especially when those numbers are being chosen by intelligence agencies. Now that the world received strong confirmation that the much more obscure and less widely used standard Dual_EC_DRBG was in fact an NSA undercover operation, NIST re-opened the confirmed-bad standards for public comment. Unless NIST/the NSA can explain why the random curve seed values are trustworthy, it might be time to re-evaluate all NIST based elliptic curve crypto in general."

BitCoin reaches dollar parity

IamTheRealMike writes | more than 3 years ago

IamTheRealMike (537420) writes "The BitCoin peer to peer currency briefly reached exchange parity with the US dollar today after a spike in demand for the coins pushed prices slightly above 1 USD:1 BTC. BitCoin was launched in early 2009, so in only two years this open source currency has gone from having no value at all to one with not only an open market of competing exchanges, but the ability to buy real goods and services like web hosting, gadgets, organic beauty products and even alpaca socks."

Graduate students being warned away from leak

IamTheRealMike writes | about 4 years ago

IamTheRealMike (537420) writes "The US State Dept has started to warn potential recruits from universities not to read leaked cables, lest it jeopardise their chances of getting a job. They're also showing warnings to troops who access news websites and the Library of Congress and Department of Education have blocked WikiLeaks on their own networks. Quite what happens when these employees go home is an open question."

Julian Assange rape arrest dropped

IamTheRealMike writes | more than 3 years ago

IamTheRealMike (537420) writes "The BBC reports that "Swedish authorities have cancelled an arrest warrant for Wikileaks founder Julian Assange on accusations of rape and molestation. The Swedish Prosecution Authority website said the chief prosecutor had come to the decision that Mr Assange was not suspected of rape." — that was fast!"

BD+ resealed once again

IamTheRealMike writes | more than 5 years ago

IamTheRealMike (537420) writes "It's been a few months since we last checked in on how the BluRay group were doing in their fight against piracy, so it's time to see how it's going. At the time, a new generation of BD+ programs had stopped both SlySoft AnyDVD HD and the open source effort at Doom9. That was December 13th 2008. At the start of January, SlySoft released an update that could handle the new BD+ programs, meaning that BluRay discs were undecryptable for a period of about three months in total — the same length as SlySoft's worst case scenario. The BD+ retaliation was swift but largely ineffective, consisting of a unique program for every BluRay master. Users had to upload log files for every new movie/region to SlySoft, who would then support that unique variant in their next update, usually released a few days later. Despite that, the open source effort never did manage to progress beyond the Winter 2008 programs and is currently stalled completely, thus SlySoft are the only group remaining. This situation remained for several months, but starting around the same time as Paramount joined Fox in licensing BD+ a new set of programs came out which have once again made BluRay discs unrippable. There are currently 19 movies that cannot be decrypted. It appears neither side is unable to decisively gain the upper hand, but one thing seems clear — only full time, for profit professionals are able to consistently beat BD+. Unless SlySoft or a licensed vendor release a BluRay player for Linux it appears the only way to watch BluRay movies on this platform will be to wait for them to become pirateable."

BD+ successfully resealed

IamTheRealMike writes | about 6 years ago

IamTheRealMike (537420) writes "A month on from the story that BD+ had been completely broken, it appears a new generation of BD+ programs has re-secured the system. A SlySoft developer now estimates February 2009 until support is available. There's a list of unrippable movies on the SlySoft forums, currently there are 16. Meanwhile, one of the open source VM developers seems to have given up on direct emulation attacks, and is now attempting to break the RSA algorithm itself. Back in March SlySoft confidently proclaimed BD+ was finished and said the worst case scenario was 3 months work: apparently they underestimated the BD+ developers."

IamTheRealMike writes | more than 7 years ago

IamTheRealMike (537420) writes "Rose George has written a fascinating tour of the sewers of London — rarely seen yet essential to life. But the sewers are in decline, with the last of the flushermen who know their inner workings about to retire. Although some of the work is now done by robots and contractors, can anything replace the experience of the men who roam the tunnels by night destroying fat blockages, searching for leaks and repairing the underground labyrinths below our cities?"

IamTheRealMike writes | more than 7 years ago

IamTheRealMike (537420) writes "As one of the world's most prolific producers of oil, Saudi Arabian production is of vital importance to maintaining our standard of living in the west. A new analysis from Stuart Staniford appears to show large, fast declines in production throughout 2006 that are uncorrelated with price, world events or OPEC's own announced production cuts (in fact, no evidence for those cuts occurring is found at all). Given that the apparent steep decline (8%/year) matches the rates seen in other areas where horizontal drilling and water injection were used, and high prices give the Kingdom every incentive to produce, is this the beginning of the end for Saudi oil?"

Journals

IamTheRealMike has no journal entries.
