Comments

Are You Sure This Is the Source Code?

mrogers Re:Bogus argument (311 comments)

The latest alpha release of the Tor Browser uses a deterministic build process for exactly that reason: users of open source software (or the small minority of users with the necessary technical skills) should be able to check that the published binaries match the published source exactly - no malware, no easter eggs, no backdoors. If someone detects a mismatch, they can alert the rest of the community.

Mike Perry, who spent six weeks getting deterministic builds working for Tor, has some interesting thoughts on why this is an important issue for security tools, even if the users completely trust the developers.

I'd like to see more open source projects following Tor's lead. Gitian is a deterministic build tool that might help - it enables multiple people to build a binary from the same source and check that they get identical results.

about a year ago
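
The check described in the comment above, as an added illustration that is not part of the original comment and is not Tor's or Gitian's actual build process: three constructed builders pack the same output, first with their own timestamps, file order and user names, then with those fields normalised. The builder names, file names and byte strings are all constructed for the example.

```python
import hashlib
import io
import tarfile
from collections import Counter

# Constructed sample build output, identical on every honest builder.
BUILD_OUTPUT = {
    "bin/tool": b"constructed sample binary bytes",
    "share/README": b"constructed sample readme\n",
}

# Constructed builder environments: each differs in ways unrelated to the source.
BUILDERS = {
    "alice": dict(order=["bin/tool", "share/README"], mtime=1700000000, owner="alice"),
    "bob": dict(order=["share/README", "bin/tool"], mtime=1700000123, owner="bob"),
    "carol": dict(order=["bin/tool", "share/README"], mtime=1700000456, owner="carol"),
}


def pack(files, *, order, mtime, owner, deterministic):
    """Pack files into an uncompressed tar archive and return its bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        # A deterministic build fixes the entry order instead of using
        # whatever order the builder's filesystem happened to return.
        for name in (sorted(files) if deterministic else order):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mode = 0o644
            if deterministic:
                info.mtime = 0                  # fixed timestamp
                info.uid = info.gid = 0         # fixed ownership
                info.uname = info.gname = ""
            else:
                info.mtime = mtime              # builder's clock leaks in
                info.uname = info.gname = owner  # builder's account leaks in
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def run(deterministic, tampered=None):
    """Return {builder: sha256 of the archive that builder produced}."""
    digests = {}
    for name, env in BUILDERS.items():
        files = dict(BUILD_OUTPUT)
        if name == tampered:
            # Model one builder whose binary does not match the source.
            files["bin/tool"] += b"<constructed extra bytes>"
        blob = pack(files, deterministic=deterministic, **env)
        digests[name] = hashlib.sha256(blob).hexdigest()
    return digests


def compare(digests):
    """Report whether the builders agree and, if not, who disagrees."""
    counts = Counter(digests.values())
    common, votes = counts.most_common(1)[0]
    if len(counts) > 1 and votes * 2 <= len(digests):
        # No digest has a strict majority: nobody's build is confirmed.
        return {"reproducible": False, "outliers": sorted(digests)}
    outliers = sorted(b for b, d in digests.items() if d != common)
    return {"reproducible": not outliers, "outliers": outliers}


if __name__ == "__main__":
    print("naive build:        ", compare(run(False)))
    print("deterministic build:", compare(run(True)))
    print("one altered binary: ", compare(run(True, tampered="carol")))
```

Without normalisation every digest differs, so a mismatch carries no information; with it, the only builder that stands out is the one whose binary differs.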

FBI Seizes Server Providing Anonymous Remailer Service

mrogers Re:nonsense (355 comments)

This case is unusual in that there's been a long series of bomb threats - they could easily have started monitoring all known remailers a week ago. But I wouldn't be surprised if they had all known remailers under surveillance all the time - especially since they know that's necessary if they want to trace a message at any time in the future.

What they should have done is use one of those handy-dandy national security letters or whatever they are called to gain access to the server in secret. They could have pried the private key loose that way, then initiated monitoring on the next server up the chain, another letter, and so on.

Interesting point - I wonder if they thought the Riseup admins would blow the whistle and go to jail.

Of course this also falls apart if one of the servers is some place that doesn't like the US and won't honor requests from US law enforcement.

True. Watching this unfold could be an interesting lesson in the international reach (or not) of wiretap and seizure orders.

more than 2 years ago

FBI Seizes Server Providing Anonymous Remailer Service

mrogers Re:nonsense (355 comments)

Unless the server operator was a total doofus, this brings them exactly zero steps towards resolving their problem, because this is exactly the kind of attack that Mixmasters was designed to withstand.

I'm not sure you're right about that. Unlike the more recent Mixminion design, Mixmaster doesn't provide forward secrecy. Each mix uses a long-term public/private key pair. To send a message anonymously, you encrypt it with the public key of each mix you want it to pass through, and each mix uses its own private key to remove a layer of encryption. The last mix in the chain removes the last layer of encryption and delivers the message to its destination. The mixes carry on using the same key pairs indefinitely.

Now imagine you have the wiretapping and server-seizing powers of the FBI and you want to trace a message. You wiretap all the mixes and record the encrypted messages passing between them. When an unencrypted bomb threat pops out of one of the mixes, you seize that mix and use its private key to decrypt all the messages you recorded arriving at that mix. One of them decrypts to the bomb threat. You seize whichever mix that message came from and repeat.

This attack has been known about ten years, which is why Mixminion changes its key pair periodically and uses TLS on the connections between mixes. But remailers don't get much attention these days, so it seems people are still using Mixmaster.

TL;DR: You can trace messages by seizing Mixmaster servers. Expect more servers to be seized in the coming days.

more than 2 years ago
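
The difference between long-term and rotated mix keys described in the comment above, as an added simulation that is not part of the original comment and is not Mixmaster or Mixminion code. It assumes a toy symmetric cipher standing in for each mix's public/private key pair, three constructed mixes and three constructed senders; the same recorded traffic is examined once with the keys that were in use when it was sent and once after every mix has replaced its key.

```python
import hashlib
import hmac
import os


def _stream(key, nonce, n):
    """Toy keystream (SHA-256 in counter mode); illustration only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key, blob):
    """Return the plaintext, or None if this key did not seal the blob."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class Mix:
    def __init__(self, name):
        self.name, self.key = name, os.urandom(32)

    def peel(self, blob):
        """Remove one layer: returns (next hop, inner blob)."""
        hop, _, inner = unseal(self.key, blob).partition(b"\n")
        return hop.decode(), inner

    def rotate(self):
        self.key = os.urandom(32)  # the old key is discarded, not archived


def wrap(message, path):
    """Layer the message for each mix on the path, innermost layer last."""
    blob, hop = message, "DELIVER"
    for mix in reversed(path):
        blob = seal(mix.key, hop.encode() + b"\n" + blob)
        hop = mix.name
    return blob


def send(sender, message, path, mixes, tap):
    """Relay a message, recording every link ciphertext as (src, dst, blob)."""
    src, dst, blob = sender, path[0].name, wrap(message, path)
    while dst != "DELIVER":
        tap.append((src, dst, blob))
        hop, inner = mixes[dst].peel(blob)
        src, dst, blob = dst, hop, inner
    return src, blob  # exit mix name and delivered plaintext


def trace(exit_mix, delivered, mixes, tap):
    """Walk backwards using only the key each mix holds at seizure time."""
    path, here, target = [exit_mix], exit_mix, delivered
    while here in mixes:
        for src, dst, blob in tap:
            plain = unseal(mixes[here].key, blob) if dst == here else None
            if plain is not None and plain.partition(b"\n")[2] == target:
                path.append(src)
                here, target = src, blob
                break
        else:
            break  # the held key opens none of the recorded traffic
    return path


def scenario(rotate_keys):
    mixes = {n: Mix(n) for n in ("mix1", "mix2", "mix3")}
    m1, m2, m3 = mixes.values()
    tap = []
    send("alice", b"constructed message A", [m1, m2, m3], mixes, tap)
    exit_mix, delivered = send("bob", b"constructed message B", [m2, m1, m3], mixes, tap)
    send("carol", b"constructed message C", [m3, m2, m1], mixes, tap)
    if rotate_keys:
        for mix in mixes.values():
            mix.rotate()  # happens after the traffic, before any key is obtained
    return trace(exit_mix, delivered, mixes, tap)


if __name__ == "__main__":
    print("long-term keys:", scenario(rotate_keys=False))
    print("rotated keys:  ", scenario(rotate_keys=True))
```

With long-term keys the recorded ciphertexts lead hop by hop back to the sender; once the keys have been replaced, the recording stays opaque and the walk ends at the exit mix.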

New Programming Languages Come From Designers

mrogers Handy flowchart (435 comments)

I used to spend a lot of time evaluating new languages. Now I just use this handy flowchart.

more than 2 years ago

Anonymous, Decentralized and Uncensored File-Sharing Is Booming

mrogers Re:"Goes through a trusted friend"? (308 comments)

Doesn't that just make the "friend" instantly liable for contributory infringement?

When you download a file through a chain of people, every link in that chain is a friendship. Nobody connects directly to a stranger. So the only people who can bust you for contributory infringement are your own friends, and the only people who can bust them are their own friends, and so on.

It's possible that an infiltrator would spend time building up fake friendships just to bust people for copyright infringement, but it doesn't seem very cost-effective to me. That tactic has been pretty much abandoned in drug policing because it just mops up a few naive people at the edges of the distribution network without ever getting closer to the centre.

more than 2 years ago

Anonymous, Decentralized and Uncensored File-Sharing Is Booming

mrogers Re:What a surprise (308 comments)

By the time the darknet grows enough to be useful there will be some friends of friends of friends that are not so careful and not so trustworthy, and not so clueful. They will click a link somewhere. Their kids will install some internet game. They will get a piece of malware installed. They will get compromised, then the movies sitting on their computers will be discovered as well as their list of darknet friends, and the jig is up.

Whose jig is up? Not mine. If somebody two or three hops away from me in the darknet gets owned, I don't lose my anonymity, because the only people who know my identity are my immediate neighbours in the darknet, who are people I trust.

In BitTorrent, a single compromised node can identify everyone in the swarm. In a darknet, a compromised node can only identify its immediate neighbours. If you choose your friends carefully you can stay safe, even if your friends' friends aren't so careful.

more than 2 years ago

Anonymous, Decentralized and Uncensored File-Sharing Is Booming

mrogers Re:Isn't this similar to (308 comments)

The first rule of darknets is "Don't talk about darknets" - so they tend to get reinvented a lot. ;-)

WASTE and RetroShare are fairly similar, but RetroShare has a lot more features - forums, its own email system, public and private chatrooms, better portability, better firewall traversal, etc.

more than 2 years ago

Anonymous, Decentralized and Uncensored File-Sharing Is Booming

mrogers Re:Retroshare still requires a central server (308 comments)

You're going to need a centralized forum/chatroom, aren't you, where you can meet people and identify those with common interests and focus?

I've heard rumours about a distributed network of chatrooms called IRL where you can meet people with similar interests. Apparently it's like IRC except the jokes aren't as good.

more than 2 years ago

Napster Being Shut Down

mrogers Re:Repost (213 comments)

Similarly, after LimeWire was shut down the brand was relaunched as a monthly subscription service for slowing your computer down and giving you viruses.

more than 2 years ago

CarrierIQ Tries To Silence Security Researcher

mrogers Re:He should remove it. (216 comments)

Wow, Jacob Appelbaum has really changed since he joined that church...

more than 2 years ago

Is the Creative Class Engine Sputtering?

mrogers Re:Exploiting creativity is what makes $ (520 comments)

While I agree with your criticism of the "creative economy" fable, I can see one way in which "creative industries" can genuinely increase productivity, and that's by making people want more stuff, or newer stuff, or higher-status stuff, which in turn makes them work harder, keeping the ol' investment capital flowing. Novelty is an important part of that process, and novelty is the sine qua non of the "creative industries": even when the product sucks, at least it's new.

The stimulation of demand through advertising and marketing has been driving Western economies since the Second World War, and it works just as well for intangible as tangible goods. So while I agree with your criticism, I don't think you should limit it to the "creative industries" - I think it applies to any industry that would vanish in a puff of smoke without its advertising department.

more than 2 years ago

Is the Creative Class Engine Sputtering?

mrogers Re:He is using strange definitions (520 comments)

It's hard to see why a video store clerk (what is a video store?) is a creative persona.

The "creative class" isn't the class of creative people - it's the class of people whose jobs depend on the production of intangible goods such as stories, music and software. That's why video store employees (remember them?) and software engineers are members of the class but shoe store employees and hardware engineers aren't. It's a well-recognised labour category in the UK, but apparently not in the U.S., according to this excellent article about the creative industries:

In Britain, where the pioneering work on the concept has been done, the category covers design, advertising, theatre, dance, music, visual arts, creative writing, crafts, plus museums and galleries. On the ministerial level it also includes leisure, entertainment, tourism and heritage industries, and sports. The situation in the UK, in particular, is quite different because throughout the 1990s to the present, “creative industry” has been a government-established, recognized, and practiced category for government policy and administration. In the United States, in contrast, the terms “creative industries” and “culture industries” are rarely used outside academic circles. The term “creative economy” does appear in some policy discussions and documents on a local and sometimes regional level. . . . . In other cases, the terms “information economy,” and “intellectual property” are the common framing concepts and cover the effort to control and efficiently commodify creative material, especially in its intangible forms.

more than 2 years ago

Ask Slashdot: Best Way To Learn About Game Theory and AI?

mrogers Game Theory: A Critical Introduction (152 comments)

The best technical introduction to game theory I've come across is Game Theory: A Critical Introduction by Shaun P. Hargreaves-Heap and Yanis Varoufakis, which introduces the most important concepts while placing them within their philosophical context (for example, to what extent is it reasonable to regard humans as the kind of agents assumed by game theory?). I've been studying game theory for years and wish I'd read this book a long time ago.

If you really have no patience for philosophy, try Game Theory for Applied Economists by Robert Gibbons instead. ;-)

John Maynard Smith's Evolution and the Theory of Games is accessible and indispensable.

Less technical works that explore the implications of the theory in fascinating ways include The Evolution of Cooperation (the book that first got me interested in the subject) and The Complexity of Cooperation by Robert Axelrod, and anything by Brian Skyrms.

more than 2 years ago

.UK Registrar Offers To Let Police Close Domain

mrogers My response to the draft recommendations (141 comments)

Having stuck my oar in during a previous consultation, I was emailed a copy of the draft recommendations and asked for feedback. Here's the response I sent to Nominet.

Dear ______,

Thank you for circulating this draft. I'm disappointed to find that Nominet is still considering adopting a policy that effectively grants the police new powers. In a democratic society, the only acceptable way for police powers to be extended is through legislation. If there is a genuine need for the police to be able to take down websites without judicial supervision, Parliament should grant the police that power. If Parliament does not do so, no other organisation should arrogate the right to do so - particularly when, as the draft notes, the Government is currently considering such legislation.

It may be inconvenient for the police, and perhaps even "harmful to consumers", that judicial oversight sometimes imposes delays on police work. Nevertheless, that oversight exists for good reasons, and attempts by the police to circumvent it are misguided and dangerous.

Court orders are available at very short notice for other kinds of urgent police work; if the courts have not seen fit to make orders for taking down websites available to the police as quickly as the police would like then it is worth asking why not. Nominet should not allow itself to be manipulated by the police into short-circuiting the judicial process.

As a piece of quasi-legislation, the draft is seriously lacking. It does not define key terms such as "consumer harm" or "UK law enforcement agencies with which Nominet has a trusted relationship". No process is defined for deciding which cases "involve disputes between private parties, freedom of expression or political speech", or for challenging such decisions.

The vague language in the final paragraph about an "appeal mechanism" and an "independent panel" makes no concrete commitments to meaningful oversight. Indeed, it is difficult to imagine how it could do so, since Nominet does not have any legal powers to punish wrong decisions or make reparations. The courts do - they are the proper venue for such decisions.

Best regards,
______

more than 2 years ago

Belarus Cracks Down On VKontakte

mrogers Re:Tor? (111 comments)

But your dog isn't (I assume) a political activist. Facebook doesn't go out of its way to track down accounts with false names, but if someone complains that your account has a false name, it will be suspended until you provide legal documentation of the name, such as a passport or driver's license.

This has happened, and continues to happen, to activists around the world. Michael Anti, the Chinese journalist, was one high-profile case. There's a Facebook fan page about him, but he's no longer allowed to have a Facebook account.

about 3 years ago

Widespread Hijacking of Search Traffic In the US

mrogers Use HTTPS (194 comments)

Another good reason to install HTTPS Everywhere, a browser extension that will redirect your Google searches to the HTTPS version of the site. By checking the certificate presented by the server, your browser can then be sure that it's talking directly to Google. (HTTPS Everywhere also works for a lot of other popular sites.)

Or, if you don't like Google, use DuckDuckGo, which uses HTTPS by default with no need for a browser extension.

about 3 years ago

BitTorrent Turns 10

mrogers Re:Pretty much never? (203 comments)

I think something like TPB model is there to stay, if necessary they'll just move it to be a TOR onion site, still centralized but anonymous.

On that point, it's interesting to see clients like MediaGet and Frostwire 5 incorporating search into the client. If one of the sites they rely on gets shut down, not only could the clients switch to another site at the next upgrade, they could potentially switch to another way of contacting the site (eg through Tor, as you suggested) without the users needing to be any the wiser.

more than 3 years ago

BitTorrent Turns 10

mrogers Re:Pretty much never? (203 comments)

Going distributed is THE way of stopping people from shutting you down.

But ironically, what BitTorrent got right (and it pains me to admit this, because I'm a big fan of pure P2P solutions) was centralising the hard parts - search and peer location - and distributing the easy part - content distribution.

Another area where BitTorrent struck the right balance between pure P2P and pure centralisation was in content curation. Gnutella made it incredibly easy to share a file, but the result was a ton of low-quality, badly-labelled, nearly-identical files. BitTorrent made it just hard enough that only a few, relatively dedicated people would create torrents, and everyone else would just redistribute them. I don't think that was a conscious design decision, but it happened to hit the sweet spot.

more than 3 years ago

Microsoft Buys 666,000 IP Addresses

mrogers Re:Does this mean IPv4 addresses will sell like DN (264 comments)

Your boss will ask you "How much does it cost to adopt v6?" And then he'll buy those v4 addresses.

I agree, at the moment that's what will happen - and arguably that's the rational response, at the level of the firm if not at the level of the net as a whole. But in the longer term I believe a market for IPv4 addresses will have two consequences:

1. Organisations that are currently sitting on more address space than they need will start to use it more efficiently so they can sell or lease the surplus. That will ease the address space shortage.

2. New organisations, which don't face a large upgrade cost if they choose IPv6, will buy a few IPv4 addresses for public-facing assets such as websites and mailservers that absolutely have to be reachable by IPv4-only customers. Everything else will be done with IPv6. Then a few years down the line, someone within each organisation will ask, "What share of our revenue comes through the IPv4 site, and how much is that site costing us?" Organisations on the margin will start to drop IPv4 support, creating extra pressure for the remaining IPv4-only organisations to upgrade.

more than 3 years ago

Submissions

House Gives Telcos Immunity, Extends Wiretap Laws

mrogers mrogers writes  |  more than 6 years ago

mrogers writes "Wired's Threat Level blog and the International Herald Tribune are reporting that a bill granting immunity to telcos accused of facilitating illegal warrantless wiretaps, and extending the government's powers to conduct surveillance without judicial oversight, has passed the House of Representatives by 293 votes to 129. Only one Republican voted against the bill; Democrats were evenly split. The warrantless wiretapping program was first revealed by AT&T whistleblower Mark Klein."

Administration Claims Immunity to 4th Amendment

mrogers mrogers writes  |  more than 6 years ago

mrogers writes "The EFF has uncovered a troubling footnote in a newly declassified Bush Administration memo, which asserts that "our Office recently [in 2001] concluded that the Fourth Amendment had no application to domestic military operations." This could mean that the Administration believes the NSA's warrantless wiretapping and data mining programs are not governed by the Constitution, which would cast Administration claims that the programs did not violate the Fourth Amendment in a whole new light — after all, you can't violate a law that doesn't apply. The claimed immunity would also cover other DoD agencies, such as CIFA, which carry out offline surveillance of political groups within the United States."

UK Police Want DNA of 'Potential Offenders'

mrogers mrogers writes  |  more than 6 years ago

mrogers writes "British police want to collect DNA samples from children as young as five who 'exhibit behaviour indicating they may become criminals in later life'. This line of thinking will be familiar to fans of Philip K. Dick. A spokesman for the Association of Chief Police Officers argued that since some schools already take pupils' fingerprints, the collection and permanent storage of DNA samples was the logical next step. And of course, if anyone argues that branding naughty five-year-olds as lifelong criminals will stigmatize them, the proposed solution will be to take samples from all children..."

Cubans Use Sneakernet to Evade Censorship

mrogers mrogers writes  |  more than 6 years ago

mrogers writes "According to an article in the International Herald Tribune, Cubans are using thumb drives and digital cameras to share videos critical of the regime. 'It passes from flash drive to flash drive,' according to one Cuban hacker. 'This is going to get out of the government's hands because the technology is moving so rapidly.' The internet is tightly controlled in Cuba — home connections are illegal and Havana's one internet cafe is strictly monitored. But some Cubans have found ways around the restrictions, connecting to the outside world through illegal satellite hookups and then distributing information through the 'sneakernet' to stay below the government's radar."

Internet Censorship's First Death Sentence?

mrogers mrogers writes  |  more than 6 years ago

mrogers (85392) writes "A journalism student in Afghanistan has been sentenced to death by a Sharia court for downloading and sharing a report criticizing the treatment of women in some Islamic countries. The student was accused of blasphemy and tried without representation. According to Reporters Without Borders, sixty people are currently in jail worldwide for criticizing governments online, fifty of them in China, but this may be the first time someone has been sentenced to death for using the internet. Internet censorship is on the rise worldwide, according to The OpenNet Initiative. The Independent newspaper has organized a petition calling for the student's sentence to be overturned."

UK Will Use "Coercion" For National ID Dat

mrogers mrogers writes  |  more than 6 years ago

mrogers writes "UK campaigners NO2ID have asked bloggers around the world to help mirror a leaked government document that reveals plans to "coerce" citizens into surrendering their personal information for the National Identity Register. "Various forms of coercion ... are an option to stimulate applications in a manageable way," according to the leaked report, which follows a series of massive personal data losses that have called the government's IT competence seriously into question."

US Launches "MySpace for Spies"

mrogers mrogers writes  |  about 7 years ago

mrogers (85392) writes "According to the Financial Times, the US Director of National Intelligence is preparing to launch A-Space, 'an internal communications tool modelled on the popular social networking sites, Facebook and MySpace.' A-Space will go live in December, alongside spook-centric versions of Wikipedia and del.icio.us, in an attempt to encourage cooperation between the United States' sixteen intelligence agencies.

There's no mention of what the A stands for, though — any suggestions?"

Harry Potter and the Chinese Pirates

mrogers mrogers writes  |  about 7 years ago

mrogers (85392) writes "Many Slashdot readers will have come across files that claimed to be leaked copies of the seventh Harry Potter book — perhaps some even downloaded the genuine bootleg that was made by photographing every page. But the IHT reports that in China, Potter piracy has become a cottage industry.

Here, the global Harry Potter publishing phenomenon has mutated into something altogether Chinese: a combination of remarkable imagination and startling industriousness, all placed in the service of counterfeiting, literary fraud and copyright violation.
Titles like "Harry Potter and the Hiking Dragon" are available alongside digital copies of the genuine article, raising the question of where fan fiction ends and counterfeiting begins. Is this a glimpse of what culture would be like without copyright?"

FBI Requires a Warrant to Install Spyware

mrogers mrogers writes  |  more than 7 years ago

mrogers (85392) writes "The FBI requires a warrant to install spyware on a suspect's computer, according to a new appeals court ruling. An earlier ruling had appeared to grant the FBI permission to install spyware under the weaker provisions applied to pen registers, which record the telephone numbers or IP addresses contacted by a suspect. However, yesterday's amendment made it clear that the pen register provisions only apply to equipment installed at the suspect's ISP.

The FBI recently used spyware to determine the source of a hoax bomb threat, as reported here and here."

mrogers mrogers writes  |  more than 7 years ago

mrogers (85392) writes "Physorg has an intriguing story suggesting that humans may have evolved as running hunters, long before the invention of the first weapons:

Humans ... have several adaptations that help us dump the enormous amounts of heat generated by running. These adaptations include our hairlessness, our ability to sweat, and the fact that we breathe through our mouths when we run, which not only allows us to take bigger breaths, but also helps dump heat.

"We can run in conditions that no other animal can run in," Lieberman said.
I for one welcome our new hairless, sweaty, mouth-breathing overlords."

mrogers mrogers writes  |  more than 7 years ago

mrogers (85392) writes "Infowars brings us the following news from the UK, which is fast becoming the front line of the war on privacy:

"Read my lips...." used to be a figurative saying. Now the British government is considering taking it literally by adding lip reading technology to some of the four million or so surveillance cameras in order to identify terrorists and criminals by watching what everyone says.
Perhaps the lip-reading cameras and the shouting cameras will find something to talk about."

mrogers mrogers writes  |  more than 7 years ago

mrogers (85392) writes "Reporters Without Borders has published its annual Worldwide Press Freedom Index, which ranks countries according to the level of censorship, legal pressure, intimidation and violence experienced by journalists. Finland, Iceland, Ireland and the Netherlands top the list; North Korea, Turkmenistan, Eritrea and Cuba are at the bottom, and were among the ten most censored countries according to New York's Committee to Protect Journalists.

The UK occupies an unimpressive 27th place in the Press Freedom Index, and the US is 53rd. The ranking criteria can be found here."

mrogers mrogers writes  |  more than 7 years ago

mrogers (85392) writes "Hacktivismo, an international group of computer security experts and human rights workers, has announced the release of Torpark, an anonymous, fully portable Web browser based on Mozilla Firefox. Torpark comes pre-configured, requires no installation, can run off a USB memory stick, and leaves no tracks behind in the browser or computer. Torpark uses the TOR (The Onion Router) network to anonymize the connection between the user and the website that is being visited."

mrogers mrogers writes  |  more than 7 years ago

mrogers (85392) writes "An intriguing new study from the University of Kent has found differences in the way male and female players respond to competition in a public goods game. Male players are more likely to cooperate with their team-mates when competing against another team, whereas the presence of competition does not affect the behaviour of female players. The gender difference has been dubbed 'the male warrior effect'. The study does not indicate whether the differences are due to cultural or biological factors."

mrogers mrogers writes  |  about 8 years ago

mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year."
