×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Government To Require Vehicle-to-vehicle Communication

hacker Re:If they can... (390 comments)

"So you are turning off and removing the battery from your Cell Phone? No?"

Pretty soon, that won't matter either, with MIT developing wireless radios that rely on nothing other than power from the wireless signals floating all around us. That's why I use a Faraday Bag to put my devices in when I am not actively using them.

"And you are worried about your CAR?"

There, FTFY.

It's still my car. If I want my car's exact speed, location, route and destination being sent to anonymous, random strangers sharing the public roadway with me, I'll be the one who authorizes that data being sent outbound, thank you very much.

"They ALREADY can track you, even with out a warrant. It's called a stakeout and tailing somebody. They can watch you in public, any time they wish, no warrant required."

The major difference here, is that we can track them as well, and they aren't allowed to continue to track you, follow you onto private property without a warrant. They're also not allowed to illegally attach GPS devices to your vehicle, but they're doing that anyway too.

See the problem here?

about 3 months ago
top

Government To Require Vehicle-to-vehicle Communication

hacker Re:Correlative prediction (390 comments)

"Conspiracy is when you invent an implausible explanation for something."

If we've learned anything over the last 4-5 years, it's that those pesky conspiracy-theorist friends we have that we never acknowledge to others, were much closer to "Right" than we had ever dreamed of.

I agree with you. There's absolutely no way this is going to go unabused.
 

about 3 months ago
top

Government To Require Vehicle-to-vehicle Communication

hacker Re:When did slashdot become a conspiracy site? (390 comments)

"It's all short range communication, so application is limited."

Really? How "short" is the range of GPS these days? Looks like about 12,551.7 miles.

Galactically, that's probably "short", but there is nothing about this that is "short range" at all. GPS capability + what essentially amounts to a huge, roadway-phased mesh network, and you're talking about miles to dozens of miles of coverage between "endpoints".

about 3 months ago
top

Government To Require Vehicle-to-vehicle Communication

hacker Re:"dystopia" (390 comments)

"We can build systems that react more quickly and consistently than any human. Every year's technological advances expand the domains in which we can do this. If we can use such systems to prevent unnecessary death and suffering, LET'S GET ON WITH IT."

Show me the data.

There is absolutely no way in this universe, that this will not be abused.

There's too much hand-wringing possible with this technology. Couple this with the recent "Remote Stop Device" that the EU is mulling over, and you've essentially got real-time tracking of every single car in the participating countries, mapping and plotting movements and vehicles, and auto-citations being sent out to offenders.

Do something you're not supposed to do, or out past curfew? Your vehicle is remotely stopped. "Please stay where you are, while we send an officer to violate your rights further, with an illegal stop, search and invasive roadside interrogation."

No, there's no way this is happening in a benign, olive-branch fashion. I'm not that naive. There's far too much evidence backing me up here, that similar technologies proposed as saving humanity weren't immediately abused when they hit the market/street/public.

about 3 months ago
top

Government To Require Vehicle-to-vehicle Communication

hacker Re:V2V Developer (390 comments)

"None of this takes control of your car in any way. It would just be used to provide information to built in indicators in the cars. Perhaps a HUD that would show the locations of other cars with relation to yours, especially in your blind spot."

Are you sure about that?

about 3 months ago
top

Government To Require Vehicle-to-vehicle Communication

hacker Re:V2V Developer (390 comments)

"Finally, we get to the issue of government spying. Since every vehicle is transmitting its location, doesn't this mean that the government could track everybody, or gather other information about them? This is actually very unlikely. The development of V2V tech has been fairly hands-off on the government's part. Their primary contribution has been to lay down certain standards and requirements for the tech, and then let the commercial companies implement it."

Don't be ridiculous.

Within a hour of this being made a requirement, there will be installations on bridges, public roadways, intersections that will be capturing, gathering, storing, aggregating and mapping every single vehicle movement within city and rural limits.

Guaranteed!

This is an over-bearing, invasive government's wet dream. To know where everyone is at any one time, at all times, day or night? Absolutely this will be abused. They're already doing it now without our consent using our phones and surreptitiously installed GPS devices in our vehicles.

If you think for a nano-second that this is truly being developed to reduce the number of traffic accidents, you're being quite naive. You may be working on the technology, but that doesn't mean you understand the full implications of how it's targeted for use, or how it will ultimately be used when it becomes a reality.

There is absolutely no way this isn't going to get abused at the highest levels of Government.

about 3 months ago
top

Should Everybody Learn To Code?

hacker Re:No (387 comments)

When computer-based automation and robotics starts taking away 50%+ of the common jobs in the industry, you can bet learning how to code, will be immensely valuable.

Do we have the capital funds at the government level to re-school and re-skill everyone who is 40+, locked into a career path and now out of work, with nothing available in their own industry sector?

We're ignoring a very large and looming issue that is about to hit us in 10 years or less. Someone will need to be around, understand and be conversantly expert in the technologies powering that automation (think cloud, drones, home automation, self-driving vehicles, facial recognition, algorithms, etc.).

about 3 months ago
top

Why Does Facebook Need To Read My Text Messages?

hacker Re:SubjectsInCommentsAreStupid (293 comments)

Crap, Slashdot truncated it...

Search for: "Photos of {someone you are not friends with}"

about 3 months ago
top

Why Does Facebook Need To Read My Text Messages?

hacker Re:SubjectsInCommentsAreStupid (293 comments)

No, that's precisely how it should work. If you're putting anything on Facebook that you don't want the general public to see, you're using it wrong. Facebook is already exposing your profile and data all over the place, and selling it to three-letter-agencies and private, commercial companies.

Try doing a search on Facebook for this string: "Photos of " and see how much data it shows you from someone's profile, where going to their profile directly and clicking on "Photos", shows you nothing (for those who have locked their profile down).

Also, your connection is most-definitely NOT anonymous using Tor.

about 3 months ago
top

Why Does Facebook Need To Read My Text Messages?

hacker Re:Removed app + hidden services from ROM long ago (293 comments)

Yes, there are quite a few apps that ask for access/permission to things they clearly should not have permissions for. I've taken quite a few screenshots of the abuse, posted on my Twitpic feed. Look closely at the dates some of these were posted:

http://twitpic.com/dfg0wn

http://twitpic.com/d7sepd

http://twitpic.com/ckgra5

http://twitpic.com/ckgr11

I found the issue with Brightest Flashlight almost a full year ago, now it's just recently hit the news. Sigh.
http://twitpic.com/cjlfvr

http://twitpic.com/cjl3r1

http://twitpic.com/cjg0q3

about 3 months ago
top

Why Does Facebook Need To Read My Text Messages?

hacker Re:The bigger issue... (293 comments)

You don't need to use the Facebook app on your phone, you can use the mobile version of the website, or if you're using Android (as is the case with the OP's gripe), you can use Tinfoil for Facebook.

Remember to uninstall Facebook as an app and from ROM including the SNS service (not a typo), to completely rid your handset of that mess.

If you don't want to do that, use Orbot and the mobile site over Tor using the Orweb Privacy Browser.

about 3 months ago
top

Why Does Facebook Need To Read My Text Messages?

hacker Removed app + hidden services from ROM long ago (293 comments)

I couldn't be happier now that I've completely purged Facebook and its hidden (SNS, not a typo) services from my ROM and phone, and frozen/deleted all of the other assets in other apps that try to "phone home" to Facebook. Side benefit is that after removing Facebook from my phone, I gained seven solid HOURS of battery life back. I didn't realize how often the SNS service and Facebook itself were sending and receiving data, phoning home, etc.

The combination of Android Permission Manager, DroidWall and LBE Security Master have made things much easier to block, delete, drop packets, deny and forbid services from trying to use unnecessary permissions.

I guarantee that no app is doing what it shouldn't, and those that should have permissions (Camera => Take Photos Permission) are prompted every time they attempt to do so, never allowed by default. If I'm not using the Camera for example, and I get a popup that it tried to take a photo, I permanently deny it and remove/uninstall the app. I don't tolerate any of that out-of-band behavior on my phone.

You should investigate the same. Yes, we all know about the L4 kernel, but this at least will help remove the abuse from the application level.

about 3 months ago
top

Man Jailed For Refusing To Reveal USB Password

hacker Re:Wrench beats encryption every time (374 comments)

Unless of course they just happen to see something during a legal search, then they can collect that evidence too, even if it's not related to the warrant.

It's not a grey area. They absolutely cannot have a broad search for your house and then say "Oh, here's safe. It's used to hold things secret. He MUST have something in there he doesn't want us to see. I'll bet there's all sorts of fun stuff in there! 'Sir, open the safe too'..."

They have to know, with absolute certainty that there's directly-related, incriminating evidence contained in that safe before they ask to open it.

If they're searching your house for a murder weapoon or drug parephenalia, and demand you open the safe and you do, and they find documents implicating tax evasion, they can't then decide to throw in charges for that along with the others you're accused of.

Likewise, if they are looking for a murder weapon, demand you open the safe, and inside they find an encrypted USB thumbdrive in the safe and demand the password, you don't have to provide that decryption passphrase at all.

There's already legal precedent here backing this up, until they decide to invalidate that with NSL and FISA orders, of course.

about 3 months ago
top

Man Jailed For Refusing To Reveal USB Password

hacker Re:Wrench beats encryption every time (374 comments)

...but if they ask you to open the safe, you have to open it.

Actually, you don't.

You only have to provide access to locations specifically named in the warrant. If the contents of the safe aren't listed on the warrant, you don't have to open it. Also, they have to have evidence that the specific contents in the safe contains incriminating evidence beforehand, else it is off-limits.

Just because they have a warrant, does not mean they can go on a fishing expedition and go looking for evidence. The warrant is there to collect the evidence, not to try to locate it.

If you're still confused, please read the SSD:

https://ssd.eff.org/your-computer/govt/warrants

about 3 months ago
top

Ask Slashdot: How To Protect Your Passwords From Amnesia?

hacker Re:BioMetrics (381 comments)

This wouldn't work if you were hospitalized, since they could easily scan or duplicate your fingerprints while you're sleeping or medicated. No thanks. Not flawless or bulletproof here, and easily subject to coercion or the $5 wrench method.

about 3 months ago
top

Ask Slashdot: How To Protect Your Passwords From Amnesia?

hacker Re:Sigh (381 comments)

That's how I do it for my employers (large fireproof safe, book sealed so you can't open it without me noticing, etc.) and for myself.

Sealed how? For every way you can seal an article, I can probably name a handful of ways to get around it without disclosure. Wax seals, adhesive, envelopes, locks, string, ink stamps, stickers, all easily and transparently bypassed.

What method are you using with your books?

about 3 months ago
top

US Federal Judge Rules Suspicionless Border Searches of Laptops Constitutional

hacker As a Private Investigator once told me, years ago (462 comments)

If you find that your residence, automobile, or other personal effects have been entered/searched without your consent or direct knowledge, and everything "looks intact", consider that they didn't come to take something away, but to put something in.

Once your personal effects, especially high-capacity electronics like smartphones and laptops, are out of your direct control, in some other room for hours at a time while you're in a holding cell, you can no longer trust them.

If they can get access to the physical hardware, they can install malware, rootkits, key loggers, replace the network card with one that is known-trojaned, manipulate your certificates, trusts, replace firmware on your devices and anything else they want.

No, once you get your gear back, immediately wipe it. Do not log into it, not even once, and just sell it on eBay or Craigslist.

You can't trust it, so dump it as soon as you can.

about 4 months ago
top

The Startling Array of Hacking Tools In NSA's Armory

hacker Re:Open source? (215 comments)

...use "a long", not "along", damn Mac keyboard! :)

about 4 months ago

Submissions

top

Prevent my hosting provider from rooting my server

hacker hacker writes  |  more than 4 years ago

hacker writes "I have a heavily-hit public server (web, mail, cvs/svn/git, dns, etc.) that runs a few dozen OSS project websites, as well as my own personal sites (gallery, blog, etc.). From time to time, the server has "unexpected" outages, which I've determined to be the result of hardware, network and other issues on behalf of the provider. I run a lot of monitoring and logging on the server-side, so I see and graph every single bit and byte in and out of the server and applications, so I know it's not the OS itself.

When I file "WTF?" style support tickets to the provider through their web-based ticketing system, I often get the response of "Please provide us with the root password to your server so we can analyze your logs for the cause of the outage." Moments ago, there were 3 simultaneous outages, while I was logged into the server working on some projects. Server-side, everything was fine. They asked me for the root password, which I flatly denied (as I always do), and then they rooted the server anyway, bringing it down and poking around through my logs anyway. This is at least the third time they've done this without my approval or consent.

Is it possible to create a minimal Linux boot that will allow me to reboot the server remotely, come back up with basic networking and ssh, and then from there, allow me to log in and mount the other application and data partitions under dm-crypt/loop-aes and friends?

With sufficient memory and CPU, I could install VMware and run my entire system within a VM, and encrypt that. I could also use UML, and try to bury my data in there, but that's not encrypted. Ultimately, I'd like to have an encrypted system end-to-end, but if I do that, I can't reboot it remotely without entering the password at boot time. Since I'll be remote, that's a blocker for me.

What does the Slashdot community have for ideas in this regard? What other technologies and options are at my disposal to try here (beyond litigation and jumping providers, both of which are on the short horizon ahead)."

Link to Original Source

Journals

hacker has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...