
Comments

top

DoxBox: Open-Source disk encryption for Windows

kevlar_rat thanks (1 comments)

Thanks for posting this. I am the maintainer of DoxBox. It's not entirely accurate to say it's a 'new' program, because it is a re-launch of FreeOTFE. The github project is here.

about two weeks ago
top

Snowden Seeks To Develop Anti-Surveillance Technologies

kevlar_rat Irony or blowback? (129 comments)

TOR, of course, was created by the US gov't to protect users against dictatorships and now is mostly used to protect against the US gov't. See also the webertarian manifesto:

The webertarian project aims to create software that makes tyranny mathematically infeasible.

about 2 months ago
top

UK Gov't Plans To Push "Emergency" Surveillance Laws

kevlar_rat Re: "Emergency" laws. (147 comments)

There are no pedophiles in Britain. Paedophiles on the other hand ....

about 2 months ago
top

UK Gov't Plans To Push "Emergency" Surveillance Laws

kevlar_rat Re:Talking of FUD (147 comments)

Where exactly does the law state that? There's no "then and only then"

It was the law I quoted immediately above it. I even bolded the relevant part.

For the purposes of this section a person shall be taken to have shown that he was not in possession of a key [ie he forgot it] to protected information at a particular time if—
(a)sufficient evidence of that fact is adduced to raise an issue with respect to it; *AND*
(b)the contrary is not proved beyond a reasonable doubt.

(my emphasis) Note the word 'AND'.
Hopefully most people understand that X = a AND b means you need to test b if and only if a is true.

even the CPS themselves highlight that your earlier interpretation

This is a press release from the CPS - not an argument made in court. We don't know what was said in court. We do know, for certain, what the law says and it's quite clear. The prosecution do NOT need to prove 'beyond reasonable doubt' that someone remembers their password, as you claimed they do, except in exceptional circumstances.

someone stupid enough to incriminate himself

The information we have is that he behaved consistently with someone who was being as helpful as possible to the police, but had forgotten his password.
Note that there is little special status in England for 'self-incriminating' evidence, unlike America. If you refuse to answer the police questions on the grounds that they are 'self-incriminating' the prosecution can and will use this in court.

, he admitted he had set the password,

So are you saying he should have lied to the police? Will any encryption software let you encrypt data /without/ setting a password?

To recap, you said :

Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over

(my emphasis) I quoted the exact law, which 'explicitly states' the precise opposite of what you claimed - implying that you yourself 'haven't read the law'.
You also said, about people being imprisoned for apparently forgetting their password:

it's never happened

I gave an example of precisely that happening.

This is a far cry from simply saying ... "I forgot it". As I said, no such case to date has ever happened -

from the press release:

the defendant [said he] could not recall it ... As the defendant claimed to have forgotten a password ...

So this is exactly what happened.
Some people, if they were caught out so badly wrong about so many things they were so dogmatic about, might think "when you're in a hole - stop digging".
But I'm glad you don't because it gives me an opportunity to repeat this point about which there certainly is 'a lot of FUD':

Basically, based on the few contested cases that have come up so far, if the police demand a password to some file you encrypted, only 2 things can happen:
a) you give them the password
or
b) you go to prison.
Except in special circumstances, saying 'I forgot my password' is NOT a valid defence.
The claim that the prosecution always have to prove 'beyond reasonable doubt' that you remember it is clearly false. It's up to the victim to show 'sufficient evidence' they have forgotten it, something that has never happened, and may be impossible in practice.
The following are also not defences:

  • 'I didn't set a password' (an obvious lie)
  • 'My answers would be self-incriminating' (this isn't America)

This is going to have a chilling effect on the use of encryption in general, will give the authorities power over people who have done nothing wrong, and will encourage those in the know to use 'deniable encryption' which will give police still less knowledge about the metadata.
HTH

about 2 months ago
top

UK Gov't Plans To Push "Emergency" Surveillance Laws

kevlar_rat Talking of FUD (147 comments)

Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over

Except it doesn't.
The actual quote from the law is:

For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if— (a)sufficient evidence of that fact is adduced to raise an issue with respect to it; and (b)the contrary is not proved beyond a reasonable doubt.

IOW the defence has to show "sufficient evidence ... to raise an issue", and then and only then does the prosecution have to prove 'beyond a reasonable doubt'. So this is a completely new standard of proof introduced into the British criminal system after 1000 years of using only the 'proof beyond a reasonable doubt' test. How do you show 'sufficient evidence' that you have forgotten a password? Nobody knows.
AFAIK (and IANAL) no judge has yet accepted the defence has shown 'sufficient evidence'. How do you show a negative - that you don't know something? Maybe judges think (correctly) that it's impossible to 'raise an issue', so the prosecution never has to prove anything apart from that you didn't hand over a password.
This is what's known as the 'reverse burden of proof' introduced in RIPA. You don't have to prove 'beyond a reasonable doubt' you forgot the password, but you do have to show 'sufficient evidence', or - if you don't hand over a password - you're automatically guilty.
What's more the Home Office code of practice says that even if you have 'sufficient evidence' - it might not even be allowed in court 'if the person fails to raise some doubt as to whether he still had the key when the notice was given'.

it's never happened, everyone prosecuted to date has been like the plonker in yesterday's news story who incriminated themselves for the simple reason they were actually dickheads.

Perhaps you're assuming no judge would be that corrupt, so here's a case of someone who quite plausibly forgot his password being imprisoned:

A TEEN who refused to give police officers an encryption password for his computer has been jailed for four months. Evidence showed that the defendant admitted in police interviews that he had set an encrypted password of between 40 and 50 characters containing both letters and numbers using an encryption software programme and that he had had originally relied on his memory to recall it but could not recall it when he was served with the notice.
The jury heard both the prosecution and defence case and accepted the prosecution case that the defendant must have kept a record of this very complex password, rather than relying on memory, and that he had deliberately failed to disclose it to the police. They returned a guilty verdict after 15 minutes deliberation.

Incidentally, if you do get ordered to hand over a password - even to someone else's data you happen to have - you're not allowed to tell anyone, presumably not even to ask for the password.

about 2 months ago
top

NSA Considers Linux Journal Readers, Tor (And Linux?) Users "Extremists"

kevlar_rat Extremism is evil (361 comments)

'Extremism' is an evil concept. An 'extremist' implies someone on the edges of the bell curve of belief - but guess what - most people think of themselves as being in the middle of that curve, no matter what their own beliefs. So in practice 'extremist' means 'extremely different from me'.
The purpose of law enforcement should be to stop acts of violence, terrorism, subversion, whatever - but never to stop mere difference. In a violent society, peace is extremist. In a dictatorship, freedom is extremist. In a racially segregated society, equality is extremist.
It's no wonder authorities love the word 'extremism', it's a slur for any kind of dissent.
Remember, the direct opposite of 'extremism' is 'conformism'.

about 2 months ago
top

NSA Considers Linux Journal Readers, Tor (And Linux?) Users "Extremists"

kevlar_rat The NSA is more extreme than you know (361 comments)

See, a rational person would have looked at what's going and concluded that the NSA's position is "of course you're more likely to be an extremist" rather than "of course you must be an extremist".

This is a comment in the actual code used by the NSA:

/* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */

The source also says the NSA refers to "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

So yes, the NSA, in their own words, do indeed believe if you use TAILS, or read The Linux Journal, you are an extremist.

about 2 months ago
top

After the Sun (Microsystems) Sets, the Real Stories Come Out

kevlar_rat alternative sites (166 comments)

I'm the developer of squte.com, I'm glad you like the simple look of it - I tried to model it after Slashdot at its prime. If there's anything else that you like, or that needs improving, let me know. I also use soylentnews and pipedot. The owner of pipedot (bryan) also responds to suggestions.

about 3 months ago
top

TrueCrypt Website Says To Switch To BitLocker

kevlar_rat FreeOTFE (566 comments)

The only other open-source option for Windows is FreeOTFE, which is also no longer developed. It works on Windows 7 with a hack.

about 4 months ago
top

The Best Way To Watch the "Blood Moon" Tonight

kevlar_rat Why a blood moon? (146 comments)

This is an unusual event because it's part of a series of 4 lunar eclipses in a row (in subsequent 6 full moon cycles), a tetrad which occurs once per 33 years on average. The term 'blood moon' is sometimes used for a lunar eclipse, but it's been popularised for this tetrad by John Hagee to promote his book and claim that it means the end of the world.

about 5 months ago
top

The Best Way To Watch the "Blood Moon" Tonight

kevlar_rat Yeah, (146 comments)

we should kick them off Terra

about 5 months ago
top

Ask Slashdot: Are You Apocalypse-Useful?

kevlar_rat post apocalyptic is not medieval (737 comments)

someone capable of swinging a sword and lopping the heads off marauders intent on dragging off the young women and torching the village.

I doubt a post-apocalyptic world will be much like the mediaeval times portrayed in Game of Thrones. In fact the medieval world wasn’t much like that.
Swords were very expensive and used only by the nobility. The peasants use staffs or slings - i.e. sticks and stones, or long bows at certain periods.
As others have pointed out, there can be expected to be plenty of rusting machinery available, so the economy & warfare would be different. It's a lot cheaper to get iron by melting a car engine block - no matter how rusted - than smelting it from iron ore.
So maybe weapons would be different, too. Perhaps with more metal available everybody would have a metal bow, or perhaps with fewer forests and less firewood, metal would be more expensive and nobody would have swords.

about 5 months ago
top

CSIRO Scientists' Aquaculture Holy Grail: Fish-Free Prawn Food

kevlar_rat It's all the prawn shop sells? (116 comments)

If everybody else in the world was vegan, would you still be insisting that it's 'normal' to eat animal products?

Err, no, because it wouldn't be - by definition.
In fact I'm not sure what your point is.
If everybody went around with their face painted blue and said "I've traveled from 1983 to say this" before every sentence, that would be normal. But it wouldn’t make it a good idea.
Perhaps you're saying that 'normal' isn't the same thing as 'natural', but since societies where the unnatural (painting your face blue) is normal are the exceptions, it's a good approximation to it.
This isn't a good argument for veganism, because most societies throughout most of history have eaten meat. So meat eating is normal and therefore likely natural.
Another possibility is that you don't know the meaning of the word 'normal' and think it actually means 'natural'. In the west that level of ignorance is ... normal.

about 5 months ago
top

Dyn.com Ends Free Dynamic DNS

kevlar_rat domain != dyndns (242 comments)

There is a little confusion here. Dynamic DNS means the domain record is constantly updated to point to the correct IP address. It's completely independent of domain registration. godaddy does not offer a dyndns service. Most dyndns services do not offer domains.
DynDNS is useful if you want to be able to always contact a box on a domain, but it's got a dynamic IP address - i.e. typically for running a server on a home box. I use it to ssh into home when I'm away, I just do ssh mydyndomain.org and don't need to worry about IP addresses.
I have had domains with godaddy in the past, but I've always used dyn.com as well.
It is possible to use a script to update your A record through your registrar's web interface, but this will break every time they update the site.
P.S. I recommend not using godaddy.

about 5 months ago
top

Why No One Trusts Facebook To Power the Future

kevlar_rat federated social networks (218 comments)

federated social networks will go the same way e-mail has gone: yes, there's tons of minor e-mail servers, but a few large companies control a very large fraction of e-mail traffic (especially for personal use) because running a server is hard.

For a federated system based on an open protocol, it should be possible to have a desktop client which installs in a few clicks. You can install a mail server yourself, of course, but the main barrier to this is needing a domain name pointing to it. For a desktop 'node' of a P2P system, either it is always on, or you have a name resolution system built into the protocol, or you have to have a domain name and a static IP (or use a dyndns service). All of these have downsides. A workaround is to use the email system as a transport layer. Email servers then effectively act as proxies.

Another problem with a p2p service is that p2p networks require more processor and network usage than centralized services, so they make poor applications for mobile devices.

Well, with the federated model you would just visit a website. If the protocol allowed it, you could use a desktop app on your PC and a website on your mobile with the same account.

about 5 months ago
top

Why No One Trusts Facebook To Power the Future

kevlar_rat p2p social messaging system (218 comments)

Perhaps there is already someone doing this?

Yes, there are a number: diaspora, Friendica, and an emerging system based around RSS, this type of thing is usually called the federated social web. This is my own overview.

meta data and messaging data is spread around different peers as encrypted chunks

This is my proposal for exactly that

about 5 months ago
top

Interview: Ask Bruce Perens What You Will

kevlar_rat Better still? (129 comments)

Or better* http://squte.com/ which also forwards posts to Usenet - so there is a permanent archive that isn't locked in to any one site and a potential community of the millions of Usenetters.
* for sufficiently small values of better

about 5 months ago

Submissions

kevlar_rat hasn't submitted any stories.

Journals

top

Announcement: DoxBox: Open-Source disk encryption for Windows.

kevlar_rat kevlar_rat writes  |  about a month ago

I am pleased to announce the project I have been working on the last couple of months is ready for beta testing.

DoxBox: Open-Source disk encryption for Windows. Think Truecrypt++

Features

  • Easy to use, with a 'wizard' for creating new 'DoxBoxes'.
  • Full transparent encryption, DoxBoxes appear as removable disks in Windows Explorer.
  • Explorer mode lets you access DoxBoxes when you don't have admin permissions.
  • Compatible with Linux encryption, Cryptoloop "losetup", dm-crypt, and LUKS. Linux shell scripts support deniable encryption on Linux.
  • Supports smartcards and security tokens.
  • Encrypted DoxBoxes can be a file, a partition, or a whole disk.
  • Opens legacy volumes created with FreeOTFE.
  • Runs on Windows Vista onwards (see note below for 64 bit versions).
  • Supports numerous hash (including SHA-512, RIPEMD-320, Tiger) and encryption algorithms (including AES, Twofish, and Serpent) in several modes (CBC, LRW, and XTS), giving more options than any other disk encryption software.
  • Optional 'key files' let you use a thumb-drive as a key.
  • Portable mode doesn't need to be installed and leaves little trace on 3rd party PCs (administrator rights needed).
  • Deniable encryption protects you from 'rubber hose cryptography'.

Please note this is a Beta version with some known limitations. Particularly in Portable mode an extra step is needed on 64 bit Windows to avoid the error message "Windows requires a digitally signed driver".

links
Download
Download DoxBox Portable
GitHub Page
Download page
Release notes and announcement
Please repost to whichever forums you think apt.

top

Squte.com now JavaScript free

kevlar_rat kevlar_rat writes  |  about 3 months ago

s'qute is now no-script friendly, it's possible to use all the features of the site (including posting anonymously) with JavaScript off, and it's perfectly usable in links.

Leaving JS on will make some pages easier to use, e.g. loading comments in the background.
The bot defences have had to be reworked, so you may see more captchas than before.

top

benevolent botnets

kevlar_rat kevlar_rat writes  |  about 3 months ago

A thread on comp.misc has drifted into talking about Nicholas Negroponte's vision for "software agents":

Mike Spencer wrote:

Now we have a bimodal distribution of Negroponte's future. If you're a well-funded institution, you can put pages and pages of javascript onto any machine ... The rest of us? I'll just write an "agent" that will find its way into 5000 physicians' computers and report [patient data] back to me. 'Scuse me but I have to see who's trying to break down the door, eh?

There's a difference between using resources on a remote pc and using the data that happens to be stored on it.

Hackers are already using distributed software agents to mine for bitcoins, botnets are running software agents - and where blackhats go now, the whitehats will follow.

On a pc with proper security and privileges there's no reason not to allow arbitrary code to run without risking your data or uptime*. Maybe some day if you have a server you can rent out its resources (cpu, disc space) in slack times in return for using others' resources at peak times. People with thinnish clients will be able to rent from this same pool - even running X-clients in it if needed. Some probes in this direction are screensavers like Models@Home. Buddybackup already does this with disk space - only for backup ATM, but it's easy to see how it could be a 'distributed disc drive'.

Replacing the current 'clouds' with benevolent botnets that would be immune from court orders, natural disasters, corporate lock-in etc would be a big win.

* on Windows this is called a 'virus' which tells you something about Windows security.

top

DARPA Program to Use Brain Implants to Control Feelings

kevlar_rat kevlar_rat writes  |  about 4 months ago

This first reported on comp.misc.

From the "already under your tinfoil hat" dept.

MIT technology review reports on a military funded $70 million program to try to develop brain implants able to regulate emotions in the mentally ill.

Researcher Jose Carmena has worked for years training macaque monkeys to move computer cursors and robotic limbs with their minds. He does so by implanting electrodes into their brains to monitor neural activity. Now, as part of a sweeping $70 million program funded by the U.S. military, Carmena has a new goal: to use brain implants to read, and then control, the emotions of mentally ill people.

This week the Defense Advanced Research Projects Agency, or DARPA, awarded two large contracts to Massachusetts General Hospital and the University of California, San Francisco, to create electrical brain implants capable of treating seven psychiatric conditions, including addiction, depression, and borderline personality disorder.

There couldn't possibly be any other use for this technology, could there?

top

A Suicide Bomber's Guide to Online Privacy

kevlar_rat kevlar_rat writes  |  about 4 months ago

This story first reported on comp.misc:

Bruce Schneier has comments on a talk[pdf], described as "jarring" and "riveting", given by the mammal biologist and SF author Peter Watts based on his post about the "Transparent Society".

From the talk:

Back in 2003 I attended a talk by David Brin, ... People are primates, Brin reminded us; our leaders are Alphas. Trying to ban government surveillance would be like poking a silverback gorilla with a stick. “But just maybe,” he allowed, “they’ll let us look back

Dude, thought I, do you have the first fucking clue how silverbacks react to eye contact?

...

Alpha primates regard looking back as a challenge. Anyone who's been beaten up for recording video of police beating people up knows this; anyone whose cellphone has been smashed, or returned with the SIM card mysteriously erased. Document animal abuse in any of the US states with so-called 'Ag-gag' laws on their books and you’re not only breaking the law, you’re a “domestic terrorist”

...

Natural selection favours the paranoid, those who run away. ...The link between surveillance and fear is a lot deeper than the average post-privacy advocate is willing to admit.

...

A lot of critics say blanket surveillance treats us like criminals, but it's deeper than that. It makes us feel like prey. We’re seeing stalking behaviour in the biological sense

Instead of 'looking back', Mr Watts recommends cloud services offer a "scorched earth" guarantee:

“Here’s a wild thought: Don’t just offer data protection, especially since you can’t guarantee it,” he said. “Offer data destruction instead. I’m not talking about having the lions lie down with the lambs. It’s more Darwinian than that, when the lions come, you burn down your chunk of the veldt before the lions get their hands on it. A scorched-earth society.”

He is aware this would be illegal (“the cats get to write the laws for the mice,” as he says), but

“It appeals to those of us who feel powerless and screwed over and want to take back some measure of control of our lives, even if it costs us. I personally don’t use cloud-based services, but I’d sign up for a scorched-earth service purely for political support.”

Another write up of the talk is here

top

4 horsemen of the infocolypse trotted out in Snowden backlash backlash

kevlar_rat kevlar_rat writes  |  about 5 months ago

This story first reported on comp.misc
GCHQ is whining to the PM that Google and Facebook are now encrypting traffic between their servers.
As a reddit commenter explains, this only affects their mass surveillance, they can still get a court order for data on specific suspects.
The Daily Mail has a typically inflammatory headline "Internet giants including Google and Facebook are shielding terrorists and paedophiles".
The comments on the daily mail site are more insightful, among the highest rated comments:

"shielding terrorists and paedophiles"? Er no. These demands are not for this purpose though are they? These endless demands to intrude on the privacy of people are all about control and agencies hate any control over their ability [to] abuse it. We already have laws allowing agencies to plant bugs and spy on people that were supposedly designed to be used only with terrorists, only to discover that the local councils are using them to spy on people with rogue pets, late library books or untidy gardens. This man can dream on if he thinks the people will be happy with the Big Brother society he wants.

In other words they are trying to pave the way for the government to control the Internet by using the same old scare tactics, paedophiles and terrorists...

The trouble is the government want blanket surveillance of the all communications; this and the fact that they use their powers for such trivial matters as name calling & so called "hate crimes" means that their current stance and statement holds no water for the majority of us. They got caught out and we just don't trust them any more. If they want data, let them get a court order for each person and instance and let them have to prove that it is necessary to collect evidence for terrorism or serious criminal offences.

It looks like the search engines are finally growing a pair and telling the various agencies where they can stick their unreasonable intrusions into the British people's privacy. It's only because of the whistle blowers mentioned that the rest of us know how invasive and unjustifiable these agencies' abuses of power have been and how dishonest they've been regarding who they say they're after and why. Bring on quantum encryption, it's time to shut these agencies out for good.

I find the mainstream reaction to this interesting. It looks like people are finally picking up on what hacktivists have been saying for years.

top

Simply because I follow the chicken.

kevlar_rat kevlar_rat writes  |  about 5 months ago

Reported on squte.com in the comp.misc.news.internet group. There's a bizarre court record of a cross examination here

Q: Do you have a separate business that you have incorporated ... or is this something you do just in your own name?

A. Sir, I had a vision back when I was a child that nobody else in this world could recognize but myself.

I know where Osama bin Laden is today.
I know the cure for SARS today. I know many, many things in this world that other people don't recognize and don't understand and don't know.

Simply because I follow the chicken.
That sounds stupid, it sounds unrealistic to - you think it's childish. But the national bird is the eagle. But the international bird is the chicken. The chicken will carry you down the darkest alleys of the world safely. The eagle will take you down that road by yourself to get you killed. The chicken will take you down there and sleep you in the attics of Muslims. It'll sleep you in the hotels of kings and the palaces of kings and queens. I've lived with the mayor of Djibouti, I've lived with the daughter of the advisor of the president of the Philippines. I've been to Guadalajara, I've been, if I set here, I would hate to make him have to write the places that I've been for the chickens ...

COURT REPORTER: wait a minute

A - you know what I'm saying. I've been around the world six times on the back of a chicken. I ...

Q. Hang on Mr Pittman, I think you're losing the court reporter with some of this stuff.

COURT REPORTER: I didn't get none of that.

found here

top

Updates to squte.com

kevlar_rat kevlar_rat writes  |  about 6 months ago

I have made some updates to the site. As well as minor bug fixes and UI changes, the big change is 'notifications'. You can 'subscribe' to posts in particular groups, or to other posters, tags, etc and be emailed when there are new posts. As always, I am relying on you to tell me of any bugs you find. If I don't know about it, I can't fix it!
All notifications are off by default, so you shouldn't be bothered by any spammy emails about new content you're not interested in (as is the case with some other sites).
To answer a question asked in another forum, there is no way to make a donation to squte.com, the best way to support it is to put a link to squte.com in your sig in any other sites you use and to tell people about it.
