Comments


Lavabit Loses Contempt Appeal

danheskett Re:Also Disturbing (116 comments)

Well you are right. Thanks for that. I think that I have improperly cemented Section I as the only one establishing courts because it is the one most cited in research, Section II being well settled by this point.

I was not originally suggesting the Court seek out cases or controversies, or have a police power (like in, say, France).

I do suggest that they need to actively distrust in hearings and rulings the claim that the Government will do what it says. In the case, Lavabit, the Government says matter-of-factly that it will not use the SSL keys to do anything to the other 400,000 customers of Lavabit's service, but that is (a) not binding and (b) not believable. It would be ideal if a Judge, hearing such a claim, pro-actively took steps to either force the Government to adhere to that (i.e. a consent agreement) or to in some other way hold it harmless. It is really in a way too bad that the Government can't usually be forced to post a bond. Levison was fairly clearly concerned that the Government would overstep their authority, leaving his customers damaged and himself without recourse. This was the nature of his request to provide the data after the fact (after he could verify it was only targeted to one customer who was under investigation). The Judge immediately dismissed his concern because the Government stated - in a non-binding, non-policy specific way - that they would only tap one customer.

9 hours ago

Lavabit Loses Contempt Appeal

danheskett Re:Also Disturbing (116 comments)

Judges should NOT start being proactive.

I suppose I should have said "in their rulings". Meaning, they should be de facto skeptical of Government claims, and de facto assume that Government shall not be trusted. Currently, they take the Government's claims at face value. I.e. the Government says they won't use any data they are not allowed to, so we trust them. They should be proactive in assuming that the Government lies.

In the US, at least, judges are - per the US constitution - reactive.

Really? Where is that? Article III establishes the Judiciary, but does not in any way circumscribe the power of the Courts, or make them reactive in nature. There is nothing even suggesting that a suit must be made - only that the Supreme Court has original jurisdiction.

The entire concept of a reactive, ex-post facto review based Court is entirely based on statute and tradition (Marbury v. Madison et al.). There is nothing inherently anti-Constitutional about, for example, the Court being given, by Congress, an ad-hoc review power of any government action. Or a pre-enactment review authority over all legislation.

At very least, allowing judges to be proactive would require a massive rewriting of laws, starting with the constitution and working your way down.

I disagree. Most of it is all stacked precedent and not black letter law.

10 hours ago

Lavabit Loses Contempt Appeal

danheskett Re:A remarkable order. (116 comments)

The cogent and accurate description of public key cryptography a

Disagree. The "padlock" analogy was garbage. In PKI, not just anyone can simply "lock the padlock" as the author of the ruling states. For any key-set, exactly 1 key can "lock", and exactly 1 key can "unlock". The brief claimed that anyone could come by and lock it, and that's not true. And it's relevant since, as Levison stated, with the keys, the Government could impersonate his service to any of his 400,000 users.

As we know, the government routinely uses deception. The DEA creates fake histories of evidence and plants it on local law enforcement.

11 hours ago

Lavabit Loses Contempt Appeal

danheskett Also Disturbing (116 comments)

I think one thing we need to be aware of is that the Court defers to the Government's claim that, once decrypted, the Government will not view anything but the "metadata" of the communication, not its "content", and not for anyone but the target.

Every legal case, every Court hearing, from here forever, the Government must never be given the benefit of the doubt. Any time they have the capability to abuse that claim, we must assume that they will, and Judges should start factoring that assumption into their discussions. We know, only through illicit disclosures, that the government will abuse the legal theories that are plainly written in black letter law (Section 215 for example), and will simply declare that the domestic law doesn't apply for any number of novel theories outside the review of anyone.

Judges must start being proactive. I think it's fairly clear that Levison was skeptical that the Government would only target one user, and that the Government would never use any of that data that they were not permitted to have. In that regard, he was 100% right that forcing mass decryption is in fact "a general warrant", the precise protection that the 4th Amendment's specific language was intended for.

The whole affair also shows how badly the Stored Communications Act and the Pen/Trap statutes are drafted and how out of date they are. The Law must finally realize that there is no such thing as "meta-data" anymore. It's a label without meaning. The message is the message, including the routing information. "Content" versus "Meta-data" is a garbage distinction with email. The entire layer 7 message, headers and all, is the content.

11 hours ago

Lavabit Loses Contempt Appeal

danheskett Demonstrates the futility of opposition.. (116 comments)

I think that the ruling and the case demonstrate the futility and the problems with attempting to defend yourself or your clients against the government. It seems clear to me that Lavabit suspected that the order was overbroad, but had no idea what to do about it. The contempt charge was probably inevitable as he searched for a legal basis and representation to do what was quite obviously "the right thing".

The ruling also has a powerful, and sad, commentary on our system of government as it stands today:

"Because of the nature of the underlying criminal investigation, portions of the record, including the target’s identity, are sealed."

We are right back at Star Chambers and secret courts and hidden rulings and anonymous witnesses. We've devolved back to a legal system which is only concerned with secrecy.

11 hours ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

danheskett Re:Two things to note (526 comments)

The reason is understandable and explained in the above paragraph - the vast majority of software developers out there are probably not able to contribute meaningfully to a project such as OpenSSL.

You got it big time, right on the nose. The power of Open Source is that it attracts professionals and experts from across the world to contribute. Do we really think that there is a big concentration of the best and most skilled crypto experts in the world all centered around Redmond, Washington, USA? Money will only go so far. There are likely exploits in Microsoft's SSL stack that are so subtle that their small team of experts are not even aware that they exist. Assuming they were not paid for by the NSA or other agency.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

danheskett Re:The bug was found because it was open source.. (526 comments)

Agree. OpenBSD and folks like Theo are integral to pushing the world forward on this stuff. You have my point exactly, which is that it is statistically unlikely that there isn't an SSL exploit, in the wild today, that is undetectable, undisclosed, unknown. We don't even know what we don't know. For all we know, the NSA and Microsoft collaborated to weaken the standard, make an implementation fault, and suppress it from being discovered, patched, and closed. Literally, MS can deny it, the NSA can deny, but it's all based on trust. And trust is a crappy plan.

With OpenSSL, it's not based only on trust, it's based on verification.

Was I annoyed that I had to spend 2 hours investigating and answering client questions? You betcha. Is it a heck of a lot better than the alternative? It's not even close.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

danheskett Re:It doesn't. (526 comments)

Right, and I agree. However, for example in the case of Heartbleed, I run a fairly sophisticated IDS platform, and do my own random log reviews, and all that (turns out I was never at risk on any of my networks), but it still didn't turn up evidence of Heartbleed, nor would it even if I was actively exploited.

You do what you can, but it's never enough.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

danheskett Also (526 comments)

I would like to just point out this is a huge win in my book for Debian. Those of us running an all Debian oldstable environment, getting backported security patches, and sticking with the tried and true version of OpenSSL instead of that newfangled 1.0 code release got to write nice letters to our customers saying we still don't use Windows and we were never vulnerable.

LONG LIVE OLDSTABLE.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

danheskett Re:It doesn't. (526 comments)

And we know this happens - researchers learn about zero-day exploits in the field every day. What's the odds that we learn about all of them? Zero, I'd wager.

People who do really deep audits of a system after a breach know what this is like: when you get that feeling that you are up against something new, or something unreported.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

danheskett This was positive (526 comments)

Heartbleed was positive for the world. The bug was found by code review, twice independently in a short period of days. It was patched rapidly across a hundred different versions and platforms, and now the world is vastly more safe. The system worked exactly as it should.

It is entirely likely that Heartbleed is out there for a closed platform. Or worse. And it's likely that it is being exploited right now by not only our own Government in the US, but our foreign rivals for economic and political gain. And what's worse, there is probably code out there that is defunct, full of Heartbleeds, bleeding exploits into the wild uncontrollably.

The only downside it exposed is that some projects have a lock on what they do. OpenSSL is so good that everyone uses it, and no one is seriously interested in forking it or doing a new implementation.

yesterday

Can the ObamaCare Enrollment Numbers Be Believed?

danheskett Re:Fuck Obamacare (720 comments)

Granted it might not be great care, but the idea that someone would be left out of a hospital if they had a serious problem is just FUD

EMTALA is garbage for anything other than just getting an urgent, traumatic problem stabilized. After that, they can and will dump you back to the street. You have cancer, and no money? Well, you'll get whatever your visit today demands for stabilization, and then back out. Compound nasty broken bone, but no money or insurance? They'll stabilize it, but probably not do the surgery required to repair the break.

about a week ago

60 Minutes Dubbed Engines Noise Over Tesla Model S

danheskett Re:Lies (544 comments)

Right, it is the same thing. Both are lies.

about two weeks ago

60 Minutes Dubbed Engines Noise Over Tesla Model S

danheskett Re:Lies (544 comments)

Yeah I really don't think it's a problem. Correcting problems with the medium is not the same thing as introducing foreign material into the sound track over other footage.

about two weeks ago

60 Minutes Dubbed Engines Noise Over Tesla Model S

danheskett Re:Lies (544 comments)

The main thing, is that real life is rather boring, and uninteresting. You watch any particular person, you will get bored. But if you edit out the boring bits you get to the point faster.

I am not against editing. People are capable of understanding that a news piece on a person doesn't have to show that person taking a bathroom break.

Let's say you watch your Congress in action. Now Fox News will edit it so the Republicans will look like strong articulate leaders, and the Democrats will be stumbling on their own words. MSNBC may do it the other way around. If you have it fully unedited you will be watching hours of boring jabbering.

Right, the point is that they are boring and jabbering. They talk to empty chambers in sentences designed to be excised by their supporters. Showing them, as they are, would provide the most accurate picture - boring, out of touch, nonsensical. "Cutting to the chase" is deception in that case.

about two weeks ago

Brendan Eich Steps Down As Mozilla CEO

danheskett Re:I think this is bullshit (1744 comments)

Unlike him, I haven't contributed to any organisations that seek to remove anyone's rights, and certainly not HIS rights.

Ohh really? Is that so?

I suspect that the prisoners at Gitmo held without trial, without any rights at all, on your tax dollars would beg to differ. So how about I track down your employer and harass them for a bit?

still venerate you as a great person.

In the end Mozilla has now trained itself to be vulnerable to outside pressure for any number of non-business related positions, and that's extremely detrimental to the business. What's all over Mozilla now is about their commitment to freedom and equality and all that. Which I suppose is a nice thing, but what exactly does it have to do with the web browser?

The reality is that there is no connection between marriage rights and the product or the commercial venture. And the Mozilla foundation bowing to pressure just makes it more likely that other such controversies will drag it down in the future. Setting up a litmus test for employment as a CEO or any other position in an organization that is based on ideology or personal or political beliefs is a very dangerous breach of an integrated economy. It is a dangerous step towards politicizing the workplace in a way that we haven't had before. Whereas in some systems, it is routine for corporations to be closely linked to politics, it's a new and worrisome trend in the US. In the end Mozilla lost two things: a fairly world class engineer and leader, and its claim to follow and adhere to its mission.

about two weeks ago

Brendan Eich Steps Down As Mozilla CEO

danheskett Re:I think this is bullshit (1744 comments)

How many LGBTs were strung up and hung for doing nothing more than looking at another person a certain way?

Out of curiosity I took a look to see what I could find on this topic. There are some notable cases, but it appears to be rather rare. Did you have something specific in mind or was this a turn of phrase? Compared to black lynchings, of which thousands are documented, it appears to be not a thing that was common.

about two weeks ago

Brendan Eich Steps Down As Mozilla CEO

danheskett Re:I think this is bullshit (1744 comments)

That's true, and the point is: so what? What does that have to do with his job?

This type of controversy may be fine for a commercial wing of a non-profit, but you would not see it in corporate America. I suspect.

about two weeks ago

Brendan Eich Steps Down As Mozilla CEO

danheskett Re:I think this is bullshit (1744 comments)

And the stuff that China manufactures isn't the complexity, value, or skill of American manufacturing.

It really clicked for me when I found out that Foxconn basically hand assembles iPhones. Prior to realizing that I believed that China must be like American, German, British and French manufacturers. After researching it more, and actually having been in to a lot of American factories, I realize a big problem has been that workers have been frozen out of realizing any gains from the amazing technologically driven productivity gains of the last 40-60 years.

about two weeks ago

60 Minutes Dubbed Engines Noise Over Tesla Model S

danheskett Re:Lies (544 comments)

Agreed that this is probably common.

But, the point is, that it's wrong. It's always a fraud on the viewer, even if sometimes it's a small fraud on the viewer. What we are basically saying now is that "it's always a lie, but this time, it's an obvious lie, and so we are sorry".

The process of dubbing in audio, which we know happens frequently, is the problem. It's always a lie.

The answer should be "no more lies". In this case, it's always been a pet peeve. The video shows a middle-aged guy accelerating normally down a city street at 20 or 30 mph. The audio is of an engine hitting redline after slipping the clutch.

about two weeks ago

Submissions

danheskett hasn't submitted any stories.

Journals

danheskett has no journal entries.
