Josh in CharlotteNC (profile), 11 Sep 2013 @ 12:04pm
Petty, stupid, vindictive: check.
Way to play right into the copyright industry's hand, too.
If he actually gets the rights, and stops it from being performed, you know that the copyright groups will spin this to get termination rights revoked. Even though the informed will understand that this is an issue with copyright in general, all the focus will be on the termination rights.
Maybe I'm just paranoid, but the labels couldn't ask for an artist to do something more perfect for them on this issue. Is it a sham? Wheels within wheels, and all that.
Josh in CharlotteNC (profile), 5 Sep 2013 @ 8:43am
Re:
The Five Eyes coalition can simply share domestic intelligence with each other, and have the Canadians data mine US citizens' information. While the US data mines Canadian information.
Sure, they can do that. But in order to datamine, they need a continuing source of the data. How would the Canadian/UK/Aus/NZ government force a US phone or Internet company to install monitoring systems within networks in the US?
Josh in CharlotteNC (profile), 30 Aug 2013 @ 10:52am
Re:
Compounding that problem is that text messages don't always go through in near real-time. The (very large) building I work in has spots that have horrible reception. If someone sends me a message, sometimes I don't get it for a few minutes - plenty of time for me to walk out to my car and start driving.
Josh in CharlotteNC (profile), 30 Aug 2013 @ 10:44am
Re:
I had a "Stop the world, I want to get off." moment while reading the story. Anyone else want to go form a new country somewhere and not let any of the crazy people in?
Josh in CharlotteNC (profile), 29 Aug 2013 @ 6:29am
Re:
Agree. The McDonald's coffee lawsuit is thoroughly misunderstood based on very early media stories. The temperature of the coffee was way above what even reasonably hot coffee should have been, and if I'm remembering right, left second degree burns after a very brief exposure. Since Techdirt normally likes to heap scorn on the media for leaving out very important details, it should not perpetuate myths even if they have become part of the cultural record.
Josh in CharlotteNC (profile), 27 Aug 2013 @ 11:50am
Trust my encryption keys sitting on a server in Sealand? I think I'll pass.
Don't get me wrong, I'm all for a real data haven Cryptonomicon style, but Sealand isn't remotely close. (No UN recognition of sovereignty, long track record of unstable "government", no independence in energy, finances, or even food supply makes that a no-go.)
Josh in CharlotteNC (profile), 20 Aug 2013 @ 6:47am
Re: Re: Re:
All commonly used crypto algorithms can be broken in a handful of years, worst case, by anyone who has a moderately sized budget.
I don't think you understand the math involved here. To put it very simply, Moore's law has held pretty steady at doubling compute power (give or take) at 18 months to 2 years. I'll give you the benefit of the doubt and say we can lower that to 1 year.
Q: What would a secure algorithm need to do to keep up with a doubling of computer power every year?
A: Add a single bit to the key length each year. Instead of a 256-bit key, you'd need a 257-bit key.
Today, assume a 256-bit key encrypted with algorithm X takes 1 year to brute force.
A 512-bit key encrypted with the same algorithm will take the same amount of time (1 year) to brute force *over 250 years from now* assuming yearly doubling of compute power.
For any serious modern crypto system, key lengths are much longer, and the algorithms are more robust.
Those "heat death of the universe" estimates are assuming naive brute-force encryption. In the real world, that is not how it's done.
And that's specifically why I qualified that statement with "so long as the algorithm is secure" - because modern techniques are to find a weakness in the algorithm or implementation of the system. If a flaw is discovered in the algorithm, all bets are off. If a flaw is discovered in the implementation, all bets are off (example: Android bitcoin wallet using stupid method to generate random numbers, story last week).
If you want a good example of the difference between attacking an algorithm, and attacking the implementation, head over to ArsTechnica and read up on their password cracking stories. All of that is attacking the implementation of how passwords are stored, and how people choose passwords. And yet, with the big password disclosures, there are still some fraction of the lists that remain uncracked - because those passwords cannot be predicted using the methods and would still take absurdly long lengths of time to crack trying every possibility.
Josh in CharlotteNC (profile), 19 Aug 2013 @ 1:30pm
Re:
Barring huge advances in quantum computers or large number factorization, they're fine from brute force decryption. So long as the algorithm is secure, we're talking heat death of the universe timescales with current and reasonably predictable CPU speed increases.
Of course, that still leaves the door open for rubber-hose decryption (otherwise known as 'Tell us the key or we'll keep beating you with this rubber hose.'). Which they're half a step away from using if they're willing to detain people only tangentially related to the case.
Josh in CharlotteNC (profile), 19 Aug 2013 @ 10:30am
Re: The Pendulum swings
You mistake having smart people with the smart people being in charge (or being able to shape policy).
The NSA does have many incredibly intelligent people. Their crypto teams are some of the best in the world, both in terms of breaking crypto systems, and in coming up with crypto systems that are very difficult to break. They probably have many very smart analysts just like Snowden, who are genuinely trying to play by the rules as best they can.
But those people are the worker bees. They take their orders and direction from the bosses.
Josh in CharlotteNC (profile), 19 Aug 2013 @ 7:02am
Re: what?
I'm still trying to get my head around this number.
Mathematically, even if you have thousands of analysts performing queries nonstop, this number is unlikely.
So, either there's tens or hundreds of thousands of analysts who have access to this data, or most of those queries are automated.
If that many people have access to it, then the low number of abuses is completely absurd and doesn't pass the laugh test. If those queries are automated, then they are so inefficient, repetitive, and bloated that the output has got to be utterly useless and full of false positives and probably letting all those important needles slip through.
I suppose it's also possible that the NSA has also redefined "query" to mean something that it doesn't in the normal use of the word among people who work with databases. I don't claim to be a DBA, but I did get stuck with maintaining a database with 150k records for a few months, and even I was only doing a dozen queries a day on it.
On the post: Lavabit's Levison Now Avoids Email Altogether, Has Turned Into A 'Political Activist' Thanks To The NSA
Re: ootb
Not sure the tradeoff would be worth it, as we do get some very good anonymous posts.
On the post: Angered By The NSA, But Confused By Acronyms, Brazilian Hacker Defaces NASA Websites
On the post: Defense Department Can't Afford To Buy A Fax Machine To Receive FOIA Requests
Oh, wait. We spend billions on one of those.
On the post: Village People Singer Wants To Ban The Group From Singing YMCA After Claiming He's Regained The Copyright
On the post: NSA & GCHQ Covertly Took Over Security Standards, Recruited Telco Employees To Insert Backdoors
Re:
Who else is? The Russian FSB? The Chinese intelligence service? Organized crime?
On the post: Canada's Copyright Board Shuts Down Industry's Request For 'You Must Be A Criminal Tax' On MicroSD Cards
Re:
http://www.newegg.com/Product/Product.aspx?Item=N82E16820147220
On the post: Author Of Patriot Act As Well As Members Of Church Commission Tell Court NSA Has Gone Too Far
Re:
On the post: Best Response To A Copyright Threat Ever? Lawyers Explain Why ABA Is Full Of S**t In Claiming Copyright On Routing Numbers
On the post: Court Says You Can Be Liable For Merely Sending A Text Message To Someone Who's Driving
Re:
On the post: Court Says You Can Be Liable For Merely Sending A Text Message To Someone Who's Driving
Re:
On the post: Texas Deputy Sues 911 Caller For Not 'Adequately Warning' Him Of Potential Danger Or 'Making The Premises Safe'
Re:
Just keeping you honest, Tim.
On the post: Cracked Shows How To Respond To Someone Infringing On Their Work
Please, think of the lawyers!
On the post: Gun Runner Uses Instagram Account To Sabotage Own Criminal Enterprise, And Bloomberg Still Thinks It's A Win For Stop And Frisk
Re:
On the post: It's Baaaaaack: HavenCo Trying Once Again To Bring Encrypted Computing To The Masses, But Not Hosted On Sealand
On the post: 1,000 Sys Admins Can Copy Any NSA Document Without Anyone Knowing About It; Think Only Snowden Did?
Re: Re: Re: Have those 1000 sysadmins actually been terminated?
That's funny.
I don't think the NSA's system fits as either of those adjectives.
On the post: White House Says It Had 'No Role' In UK Detention Of David Miranda, But Did Have A 'Heads Up'
Re: Re: Re:
On the post: NSA Defenders Insist Their Lawbreaking Should Be Ignored Because They 'Didn't Mean It'
Re: Re: The NSA Defence
On the post: White House Says It Had 'No Role' In UK Detention Of David Miranda, But Did Have A 'Heads Up'
Re:
On the post: Rep. Dennis Kucinich: Abolish The NSA And Give Snowden A Parade
Re: The Pendulum swings
On the post: NSA Defenders Insist Their Lawbreaking Should Be Ignored Because They 'Didn't Mean It'
Re: what?