Slashdot: News for Nerds

Comments

Interview: Ask Theo de Raadt What You Will

carp3_noct3m Thanks for all your work... (290 comments)

I know it can sometimes be more of a burden, but thanks for all the work you have done Theo. I use OpenSSH everyday, and I find it to be one of the most reliable, most secure (even with all the NSA revelations) pieces of software in daily use around the world.

That being said, the more I investigate how to increase security, the more I am struck by how borked SSL is as a whole (CA messes, vulnerable to MITM, DPI, etc.).

My question is this: do you think at some point we should start re-evaluating our fundamental kernel architectures to help alleviate some of the security issues recently revealed? I mean, with hard-drive and BIOS-level rootkits, etc., even SSH is standing on a foundation of sand, it seems. Thoughts?

about 5 months ago

Interview: Ask Eric Raymond What You Will

carp3_noct3m Re:Linus's Law (Many Eyes) Problems (126 comments)

I have had it running on a spare old boxen for a few months now, but I would say you aren't addressing the point, which is mostly in how the code is written. I'm not claiming it's ready for production at all, but I think it is making a lot of changes based on principles that Linux/BSD are too entrenched to rethink, and I feel like we need to rethink the early days of OS design a bit more. E.g., let's have a new debate on kernel architectures.

about 5 months ago

Interview: Ask Eric Raymond What You Will

carp3_noct3m Linus's Law (Many Eyes) Problems (126 comments)

Hi, there is currently some debate about the many eyes theory over on HNews (https://news.ycombinator.com/item?id=7342352) about why it's a fallacious argument, but in my view they have it all wrong, in that a core component of Linus's Law is that the amount of code is inversely related to the number of eyes that can hit all of that code (or a significant percentage).

Therefore, in my eyes it is the problem of code bloat that is undermining the open source movement more than anything. For example, the Linux kernel is now at, what, 10mil+ lines of code? That's insane. Minix 3, on the other hand, is at ~15k?

What are your thoughts on this problem?

about 5 months ago

Why We Need To Teach Hacking In High School

carp3_noct3m It can be done, but not in the current environment (124 comments)

Before I tell my anecdotal story, I want to touch on the fact that the current educational environment is not conducive to this kind of think-for-yourself learning. We could have a lengthy debate about why this is, and I would mostly refer you to the Reece Committee and Norman Dodd's investigation into tax-exempt foundations. Suffice it to say, the fact of the matter is that TPTB don't want a mass influx of independent self-taught thinkers; they want people just smart enough to push the buttons and papers they want them to but not smart enough to go above that (unless they are part of the aristocratic oligarchic class). This is the result of the purposeful introduction of the Prussian education system as a tool of class warfare, but I digress.

I happened to be very lucky in this regard. My high school was a middle-of-nowhere Mormon-area HS full of hicks and religious people, but a local had been in industry and decided to come back and head the technology department of the school, and brought with him his industry contacts. It was one of the first high schools to have the Cisco Networking Academy, and I had my CCNA by the age of 17. Besides all that, it was the attitude of this man, who I called my mentor (Barry Williams of Apache County, if anyone cares to look it up), which really encouraged this kind of thinking. He would encourage us to solve problems on our own, and mostly left us to our own devices. I will never forget the first year I was there, where he organized a wargame, and each of us hooked up our issued Cisco routers to a network and the challenge was to be the first to take down everyone else's network. After a few minutes I had taken out two other guys, but then he told all of us to stop, walked over to all our boxen, and simply unplugged the cables.

For a 16 year old that really had an impact on me about thinking "outside the box" of given parameters. Of course this kind of teaching did have its downsides. I was only a fringe member of the group that did it, but I will never forget the day that people in suits showed up and talked to everyone around the high-tech center but us, and then the FBI held an assembly for this school of hicks and religious people about hacking (of which maybe 15 of us knew what that even was), because, apparently, "A" (a senior while I was a sophomore) wasn't joking when he told us he got into the FBI servers. (In his defense, he said he only changed a spreadsheet and then changed it right back just to see if he could.) Last I heard "A" was still on the run from the FBI for crimes committed after HS, and I know I definitely was tempted a few times to do naughty blackhat things but resisted the urge. The point is that while teaching critical thinking and hacking is good for the thinking abilities of the student, there can indeed be farther-reaching consequences, especially if they are of a lower socioeconomic status.

Note: Wow, I haven't logged into /. in ages. Not sure how I feel about it these days, was just bored at work and saw this story.

about 5 months ago

Ask Slashdot: Best App For Android For Remote Access To Mac Or PC?

carp3_noct3m SSH (165 comments)

SSH is what you should be using as your connection core, and then using VNC on top if you want a gui. On windows, I've found the cygwin based SSH servers superior (have tested almost every single windows SSH server that is FOSS).

Side note: Wow it's been a long time since I logged into /.

about 7 months ago
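The "SSH as the connection core, VNC on top" setup above, as an added example that is not part of the original comment: a local SSH port forward that carries the VNC session, plus a check that the VNC server on the remote side really only listens on loopback (if it also listens on an external interface, the tunnel is optional rather than enforced). User, host and port values are placeholder assumptions; the `ss -ltn` lines are constructed sample input, not output from any real machine.

```shell
#!/bin/sh
# Added example, not from the original comment: carry a VNC session inside an
# SSH local port forward, and check that the VNC server itself only listens on
# loopback. Host, user and ports are assumed placeholders.

# Print the ssh command that binds 127.0.0.1:<local_port> and forwards it to
# the VNC display on the remote host. -N runs no remote shell, -L sets up the
# forward, ExitOnForwardFailure makes ssh exit instead of silently continuing
# when the local bind fails (e.g. the port is already taken).
vnc_tunnel_cmd() {
    user="$1"; host="$2"; local_port="${3:-5901}"; display="${4:-0}"
    remote_port=$((5900 + display))   # VNC display :N listens on 5900+N
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s@%s' \
        "$local_port" "$remote_port" "$user" "$host"
}

# Read `ss -ltn` style lines on stdin (State Recv-Q Send-Q Local:Port Peer)
# and print every VNC listener (ports 5900-5999) bound to anything other than
# loopback. Run this on the VNC host; any output means the GUI is reachable
# without going through the tunnel.
vnc_exposed_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        if (port >= 5900 && port <= 5999 && addr != "127.0.0.1" && addr != "[::1]")
            print $4
    }'
}

# Constructed sample of `ss -ltn` output: one display correctly bound to
# loopback, one exposed on all interfaces, plus sshd on IPv6.
SAMPLE_SS_OUTPUT='LISTEN 0 128 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

echo "tunnel: $(vnc_tunnel_cmd alice desktop.example.net)"
echo "exposed VNC listeners in sample:"
printf '%s\n' "$SAMPLE_SS_OUTPUT" | vnc_exposed_listeners
```

Usage: run the printed ssh command in the background, then point the viewer at the local end (`vncviewer 127.0.0.1:5901`). Binding the forward to 127.0.0.1 rather than 0.0.0.0 matters on the client side for the same reason the listener check matters on the server side: a forward bound to all interfaces lets other hosts on your LAN ride your authenticated tunnel. On a Windows target the Cygwin-based sshd the comment mentions plays the server role.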

Keeping Your Data Private From the NSA (And Everyone Else)

carp3_noct3m Privacy protection methods. (622 comments)

I've been meaning for a while to write a guide for friends/family about this. I think that first you really have to have an understanding of why this is happening, what the goals (hidden and obvious) are for those engaging in the spying, and determine where you stand on the subject before you can make any sort of plan for implementing the level of privacy you desire. From there the entire discussion is about capabilities and methods. I will forgo the first points in the hope that the hacker mentality still thrives at least somewhat on /.

First, there was metadata.

Metadata combined with modern algorithms and big data can give its owner just about everything on you. Here is what I consider metadata
(this assumes every point compromised except local; imagine NSLs etc.):
IP - Your ISP will always know this. Circumvention includes Tor, I2P, other anonymizing technologies. VPN does not secure your metadata. Wardriving. Rooted boxes.
MAC - Much less of an issue, can be spoofed easily. Usually not known outside of edge network devices or ISP.
Time - Heavily used but not well understood. Correlation of login times to compromised activity elsewhere holds up pretty well in court. The longer they've been watching you, the more dangerous to security this is.
Other machine identifiers (agent strings, cookies, DNS, etc.) - mostly a software (and knowledge) issue. Have to be able to prevent DNS leakage, spoof agent strings, keep the machine clean of cookies (including harder to find/remove cookie types like Flash). If you are on Windows... this is your most likely failure point.

Then, there was low hanging fruit.
Low-hanging fruit: cloud services (webmail providers, social networking, cloud apps, cloud storage/computing, VoIP/text chat protocols, etc.). If you use these services you must expect them to be compromised and not private. You can choose to not use these services, or compartmentalize use of them (which is my preferred method). Data poisoning becomes more relevant here. Now, you can attempt to be anonymous while using them (say Tails (Tor) for Facebook), but the data is still compromised. But if they can't tie my identity to X, why does it matter? Two reasons: one, because if you are using a service like that, all it takes is one slip-up to tie everything to you, and two, because there are other ways beyond even time-data correlation to do so (writing analysis, for example).

So, assuming you have figured out how to be relatively anonymous and encrypt your data (ssh, tcplay, dm-crypt, gpg), you self-host as many services as possible, and directly connect to people/sites you "trust". You have, in intelligence terms, "gone dark" or "dropped off". I'm going to ignore the issue of DPI for the moment.

This is where the majority of people who care about privacy want to be. They want to be just enough of a hard target that it's not easy to grab up their info. This is what the 90's cryptowars were about. The ability to go dark.

The problem with this state is twofold: First, your data can still be retroactively inspected. So that AES-256 you think is nice and secure is finally cracked by the NSA (if it isn't already). Then they run it on gobbled-up data from the past, and suddenly your encryption is worth jack. (Save discussion of storage feasibility for another time; some of the math has already been done over on Schneier's blog.)

Second, once you become a target for other reasons, they will resort to other methods. First with off-site but close compromise, usually ISP. Then escalated to remote compromise (trojans, keyloggers, etc. through 0-days or backdoors). If for some reason you are still safe at this point, commence black bag operation. While you are at work, they break into your house and plant a physical keylogger, audio bug, copy HDD, install trojan (MBR not encrypted? Evil maid!) or any other number of growing possibilities. This boils down to your physical security. Think your ADT alarm system works? Think again (well, this depends on who you pissed off: normal FBI team probably thwarted, special FBI team or JSOC/OSI/CIA/NSA etc.? No problem). Cameras and a self-managed security system in parallel with a more obvious one like ADT might work here. Of course, by the time you reach this point... you have much bigger issues and are likely to be harassed consistently or suicided/plane crashed eventually.

Bottom line, security and usability have an inverse relationship, and you have to decide what level works for you. Just getting to hard-target mode should be fine for most people. Work in R&D and make frequent trips OCONUS though? You better step up your game.

Or you could just stop using technology and go live in the mountains.

about a year ago
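The login-time correlation the comment lists under "Time", as an added example that is not part of the original comment: given the session start times a provider keeps for a known identity (the comment's point that a VPN does not hide this metadata) and the post times of a pseudonymous account, count how many posts fall inside a short window after a session start. A control account with unrelated timing is included to show what an innocent overlap rate looks like. Every timestamp is constructed for the demo; nothing here is real data, and the window size and file layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original comment: a minimal version of the
# login-time correlation described above. All timestamps are constructed.

# time_correlate KNOWN_FILE CANDIDATE_FILE WINDOW_SECONDS
# Both files hold one epoch timestamp per line. Prints "matched/total", where
# matched is the number of candidate events that occur within WINDOW seconds
# after some known session start. The NR==FNR idiom marks the first file and
# needs it to be non-empty.
time_correlate() {
    awk -v w="$3" '
        NR == FNR { k[++n] = $1 + 0; next }     # load known session starts
        {
            t++
            for (i = 1; i <= n; i++)             # O(n*m); fine for a demo
                if ($1 >= k[i] && $1 - k[i] <= w) { m++; break }
        }
        END { printf "%d/%d\n", m, t }
    ' "$1" "$2"
}

# Same check, taking the two lists as newline-separated strings.
correlate_strings() {
    kf=$(mktemp) && cf=$(mktemp) || return 1
    printf '%s\n' "$1" > "$kf"
    printf '%s\n' "$2" > "$cf"
    time_correlate "$kf" "$cf" "$3"
    rm -f "$kf" "$cf"
}

# Constructed data (epoch seconds): when the known identity's VPN sessions
# started, when the suspect pseudonym posted, and a control pseudonym whose
# posts happen to land well outside every session-start window.
VPN_CONNECTS='1700000000
1700003600
1700010000
1700020000'
SUSPECT_POSTS='1700000120
1700003700
1700010300
1700015000
1700020200'
CONTROL_POSTS='1700001500
1700005000
1700012000'

echo "suspect account: $(correlate_strings "$VPN_CONNECTS" "$SUSPECT_POSTS" 600)"
echo "control account: $(correlate_strings "$VPN_CONNECTS" "$CONTROL_POSTS" 600)"
```

With a 10-minute window the suspect account matches 4 of 5 posts and the control account 0 of 3. Two things in the comment follow directly from this: the VPN provider's connect log is enough, no content needed; and the longer the observation period, the more posts there are to match, so the gap between a linked account and a coincidental one only widens with time.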

ATMs Compromised, $45M Taken

carp3_noct3m Re:I wonder how much was skimmed by the bag men (196 comments)

Typically "cashiers" charge about 50 points. The culture of trust in the black market is very interesting but I haven't seen many recent papers about it (post 07ish).

Sidenote: I haven't logged into /. for years... it feels good!

about a year ago

Flat Pay Prompts 1 In 3 In IT To Consider Jump

carp3_noct3m Grass is not always greener... (608 comments)

It's not always about money. I recently (about a year ago) went from being a partner at an up-and-coming IT firm to the number 2 IT guy for an agriculture company. Before, I was stressed out, always worrying about this client or that client, income, taxes, ticket systems; in general I just had too much on my plate. I left due to business structure and strategy disagreements, but now I am working in a laid-back environment where I do a good job, and can still take the time to study after hours. IT guys are far too often over-taxed, over-used, and under-appreciated. That is why I think there needs to be a shift in the work environment for IT people or else we will continue to see this constant migration to the always greener grass.

more than 3 years ago

US Says Plane Finder App Threatens Security

carp3_noct3m Re:fear (524 comments)

So you are a threat if you are an: obese imbecile who is content, an obese intellectual who loves whining, a skinny whining imbecile....

more than 3 years ago

Why Are Terrorists Often Engineers?

carp3_noct3m Re:Aptitude (769 comments)

You touch on the main point but miss it a bit. Reza Aslan explains how if you are a Palestinian who lives in a trash heap, you are much less likely to be active in terrorism; poorer people are too busy just trying to survive. It is the middle and higher classes, who have the time to ponder the world, who begin to feel disaffected and then use cognitive dissonance to justify certain acts. The majority of real "terrorists" (minus the average brainwashed Sunni suicide bombers, who are often minimally religious) are the middle class, which happens to usually be those who go to school. In the Middle East, most middle-class parents want their kids to be either a doctor, lawyer, engineer, or scientist.

more than 3 years ago

EFF Says 'Stop Using Haystack'

carp3_noct3m From Haystack Website (136 comments)

Haystack and Tor do fundamentally different things, and actually complement each other.

Tor focuses on using onion routing to ensure that a user's communications cannot be traced back to him or her, and only focuses on evading filters as a secondary goal. Because Tor uses standard SSL protocols, it is relatively easy to detect and block, especially during periods when the authorities are willing to intercept all encrypted traffic.

On the other hand, Haystack focuses on being unblockable and innocuous while simultaneously protecting the privacy of our users. We do not employ onion routing, though our proxy system does provide a limited form of the same benefit.

To a computer, a user using Haystack appears to be engaging in normal, unencrypted web browsing, which raises far fewer suspicions than many encrypted connections. Authorities can block Haystack only by completely disabling access to the internet, which gives Haystack greater availability in crises, during which the authorities may be perfectly willing to block all obviously-encrypted traffic.

more than 3 years ago

Anti-US Hacker Takes Credit For Worm

carp3_noct3m Re:"Anti-US" Hacker? (221 comments)

Translation: The Americans who are Neoconservatives, a political philosophy which supports using modern American economic and military power to bring liberalism, democracy, and human rights to other countries, and are also Fascists, which advocates an authoritarian nationalist political ideology that seeks to organize a nation according to corporatist perspectives, values, and systems, including the political system and the economy, are at it again... Put that way, it really isn't that irrational, as those people in particular WERE the driving force for the invasions. **USMC Iraq Combat vet**

more than 3 years ago

Anti-US Hacker Takes Credit For Worm

carp3_noct3m Re:Luddite victims. (221 comments)

Forgot to finish-- I would actually argue that the brunt of their intention was representative of the very definition (which is in itself highly debatable) of terrorism: primarily being to inculcate fear.

more than 3 years ago

Anti-US Hacker Takes Credit For Worm

carp3_noct3m Re:Luddite victims. (221 comments)

No one with a lick of self-respect or sense believes "they" really thought it would remove armies from foreign lands. Reza Aslan says they just use things like foreign military bases, Palestine, etc., as an excuse, but the mistake many make is assuming those aren't valid concerns all on their own. The leaders of AQ are too smart to think such a dumb thing.

more than 3 years ago

Pentagon Aims To Buy Up Book

carp3_noct3m Re:Is this really censorship? (347 comments)

I've been aware of this for quite some time, and will probably be getting the book anyway. What those of you new to the story are failing to understand is that they are not just purging names. I agree the names should be purged, but in their press release (too lazy to go find it), they state they want to sanitize names, AMONG OTHER THINGS. This is the key here: using the chance they have to go ahead and take care of any other passages that are a little too embarrassing.... Ideally, I hope someone gets the original, redacts only the names, and then publishes it. C'mon Wikileaks, get on it.

more than 3 years ago

Judge Allows Subpoenas For Internet Users

carp3_noct3m Re:This is going to be a bit unpopular, but.... (338 comments)

The potential for abuse is the key here. Do they have to provide any kind of solid evidence of their accusations? If not, they could theoretically (though it would raise flags) just randomly pick people whose info they want, make some shit up, and subpoena for their info. Now imagine that on a mass scale (the internet).

more than 3 years ago

Judge Allows Subpoenas For Internet Users

carp3_noct3m Re:Hrm (338 comments)

The fact that the "pool", in this case the internet, has a few billion people in it....

more than 3 years ago

WikiLeaks Set To Release Unpublished Iraq War Docs

carp3_noct3m Re:Of course (411 comments)

Allow me to jump in, if you will. Industrial, your original statement is a good one, where you basically ask for someone to explain why it feels "cowboyish" to you, but then I feel you misinterpret SmallFurry's intention; you even say "Don't pretend that my statement was about sticking my head in the sand suggesting that I don't want to know where corruption exists. My statement was that the manner in which this is being performed is irresponsible and is harming the cause in those that would normally support something like wikileaks." I feel SmallFurry misdirected his statements at you (he even says so), but what he/she is really saying is that it is a growing trend. Right off the bat there has just been some bad communication here. That aside, both of you in the last few posts fall into argument mode and lose focus of the original subject, that being wikileaks' methods. You jumped from asking questions with an open mind about wikileaks to firmly stating that you don't and will not support them, and I feel your conclusion is a bit premature.

If I may, I feel wikileaks serves and will continue to serve a valuable purpose in the information age. They have made two major mistakes, that everyone has focused on, but I feel and hope they will learn their lesson from. These two major mistakes are IMHO a) the releasing of an edited and editorialized video of the apache shootings and b) not taking the extra time to fully purge names from the Afghan war diaries. If we put these two major things to the side, wikileaks generally does a good job, and is the one that they should stick to, of simply releasing documents with no editorializing. They will quickly undermine themselves otherwise, and that is why they have recently felt "cowboyish". I am a former USMC Iraq combat vet, and still have plenty of contacts in State and DoD, a couple of which are at high levels of intel. They all agree with me (and these are clearance holding guys that advise generals and above) that wikileaks has an important part to play here, mostly due to one of the points Small Furry makes, being the major over-classification of material that shouldn't be, and every single one of them actively acknowledges the US disinfo campaign against Wikileaks.

more than 3 years ago

Submissions


U.S. Military "banned" from viewing Wikileaks.

carp3_noct3m writes | more than 3 years ago

carp3_noct3m (1185697) writes "The U.S. Pentagon has attempted to ban military members from viewing the recently leaked documents on Wikileaks. They say that just because the information is now in the public domain, it is still classified, and that accessing the documents even from a personal computer is "willingly committing a security violation". I dug a bit further into this, and the Marine Corps apparently thinks that if military personnel, especially those with security clearance, purposely accessed the wikileaks website to view classified info, "they have willingly placed classified information on an open network not authorized to view classified information and have willingly committed a security violation." I am personally left almost speechless at this disconnect from reality the military is showing. I am a USMC Iraq war vet, and find these policies completely ridiculous and showing of the inability of our supposedly technologically knowledgeable military to fuse this knowledge with policy. Mostly due to the political pressure that has erupted to "take care of" the Wikileaks problem. What do my fellow /.ers think?"

Iran: the Growing Superpower

carp3_noct3m writes | more than 4 years ago

carp3_noct3m (1185697) writes "Have America and the West miscalculated their options with Iran? Robert Baer, former CIA officer, seems to think so, according to his book The Devil We Know, Dealing with the New Iranian Superpower. Not only does Bob argue that Iran is already a super-power in the region, but that they have evolved from a radical state into a military dictatorship, one that is much more rational and more willing to be compromised with, but also one that is strategic and will not flinch at sanctions or military action via proxies. Recently I have been hearing more talk of sanctions against Iran from US politicians, but I fear they lack some fundamental understandings of the culture and dynamics of Iran. Take the quiz to see how much you really know. Knowing the strategic advantage Iran has over the Strait of Hormuz and its Silkworm missiles that line it, and its control of the Shiite population in other Middle Eastern countries, given proper motivation, they could send oil prices to $200+ per barrel, sending an already struggling economy into a tailspin. Another complex factor in the issue is Israel's response to talks with Iran. Given Iran's recent statements regarding sanctions, should America step back and re-evaluate both its options and knowledge of the Persian nation?"

Wired writer disappears, find him and make 5k.

carp3_noct3m writes | more than 4 years ago

carp3_noct3m (1185697) writes "A freelance Wired magazine journalist has decided to see what it is like to disappear from normal life, all while staying on the grid. The catch is that he is challenging anyone and everyone to find him, take a picture, and speak a special codeword to him. If you can do that, you can make 5000 dollars, which happens to come out of his paycheck for the article he'll be writing. Oh, and to top it all off, whoever gets him gets pictures and interviews in Wired. He has been posting to his Twitter, has apparently been using TOR for internet, and the Wired website will be posting his credit card transactions. So Slashdot, do we have what it takes to show this guy we know our stuff? Hop to it, my minions."

Scroogle.org alternative to Google.com spying

carp3_noct3m writes | more than 6 years ago

carp3_noct3m (1185697) writes "Scroogle.org (please don't go to Scroogle.com, it's pr0n) offers a good alternative to Google.com and their lack of privacy. From http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article3055825.ece: "The London-based watchdog Privacy International ranked Google as "hostile to privacy" in its survey of internet firms, its lowest rating. Rivals Yahoo and Microsoft also fared poorly." "Google, the industry leader, stores personal information for 18 months, as does Microsoft's search engine. Yahoo and Time Warner's AOL retain search requests for 13 months." So, if you're like me and have been looking for a Google alternative, this may be it, at least until it's shut down."

Journals

carp3_noct3m has no journal entries.
