EPIC Report On International Cryptography
kalifa writes: "The EPIC (Electronic Privacy Information Center) has just published its annual report on international cryptography. It is available here.
It's pretty informative, and I hope it will help change many false misconceptions (and, by the way, put an end to the same good old francophobic stuff, which is obviously unjustified after the study of this report)."
OFF-TOPIC (Score:1)
Re:Story at CNET (Score:1)
Re:question from a newbie (Score:1)
Speaking of stocks, I would like to recommend AREE, which is poised to double within the next month.
Speaking of making money with credit card fraud, I understand that most companies won't bother to go after you unless you rip them off for more than $100-$200.
Personally, I have almost no qualms about giving my CC# out, because I'm not liable.
The downfall of Slashdot (Score:1)
Slashdot.org used to be a quality news site with meaningful, relevant information. Now it is nothing but a trash hole filled with yesterday's news. I believe the "golden age of slashdot" ended because of two events:
The merger with Andover.net/VA Linux and
The implementation of moderation.
When you sold your site to andover.net, many people feared the worst: Taco had sold out. Initially, things were handled well and there was no obvious change in the management of the site. As time went on, however, many changes occurred, mostly bad.
For example, the topics now posted to slashdot are old and meaningless. Further, important events are often never written about seemingly because your parent company is looking over your shoulder. In the past few months, the stock prices of the big Linux companies(especially VA Linux) have tanked. This is news worthy of a topic.
More disturbingly, you seem to cover up events which do not reflect well on VA and your site. A few days ago when slashdot was down for half a day, there was no reason given. When people asked, you marked them down as flamebait or off topic. In the old days, if slashdot were down for even 30 minutes, you would post an explanation. Did you forget this time?
Now to moderation which is turning out to be the nail in your coffin. You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company(Microsoft), they would be moderated up.
Now registered members of your site can view at any threshold they want to, but the default view for non-members is > -1. By moderating these anti-Linux posts down, you are preventing them from being viewed by the masses. Thus, you have committed an act of censorship.
The trolls don't like being censored. To prevent this, they simply post many messages so that they all can not be moderated down. If you were to get rid of moderation, there would still be the occasional troll, but you would not see mass spam. The message, however unpopular or inane, would get through the first time.
Another problem is your moderators' lack of humor. Many times I have rolled on the floor laughing at a post marked down to -1. So what if someone makes fun of your mom? Personally, I find many of the "hot grits" posts to be funny. Most should not be moderated down.
I'm only going to say this once to you, Mr Taco: Slashdot is going to die unless changes are made. Here is the way to fix slashdot: Take it private. Being owned by a large corporation is influencing your reporting. You must find a way to "buy back" slashdot from VA if you want to stay in business.
Respectfully yours,
Metawronka
Re:question from a newbie (Score:1)
>efficiently factor large prime numbers
Err, I should hope not. Isn't one of the things that makes prime numbers prime is that their only factors are themselves and one?
Re:US report (Score:1)
Enigma. WWII. Next!
Re:question from a newbie (Score:1)
No, but if you're a European company doing export business with Asia, or a NGO like Amnesty International, the NSA almost certainly do try to read your mail. There's plenty of people who have real, concrete and current needs to make their mail NSA-proof (or at least NSA-resistant).
False misconceptions? (Score:1)
Re:US report (Score:1)
> American STATES. France is the size of Texas.
> Shouldn't they be capable of
> moving faster on things than the US?
A more meaningful comparison would be on respective populations. France has around 60 million inhabitants, the US 270. Thus, changes in French law would amount to changes in something like one fourth of the US, which vastly exceeds a single US state.
Oh, Please (was: Francophobic?) (Score:1)
(jfb)
Re:US report (Score:1)
But let's return on topic: IMO geographic size doesn't matter really, what matters more is the populace of a state: Italy (I am Italian) has 1/6 of the USA populace, France has more (but I don't remember how much). But then Sweden, with "only" 6 million inhabitants, is one of the most technologically advanced countries in the world, and Norway and Finland should measure on the same scale (I remember a guy named Linus Torvalds to be Finnish).
In this case, I believe this regulatory behavior to be the result of an historic governmental paranoia, which leads from time to time to witch hunts.
I would hold off on nuking the French (Score:1)
Actually, it would probably be a better idea to wait a little while before turning France into a parking lot for EuroDisney. Once the stock market cools off, and the new administration takes over later this year, the economy will be in the toilet. Since everyone knows that war is good for the economy, we should put our national labor force to work on producing bars of soap, to airdrop them in France. We can also put our printing industry to work printing instructions in French on how to use soap.
Then, once France smelled a little better, we'd move all the people we don't want over there, offering them political asylum. Alanis Morissette, Gerard Depardieu, The Backstreet Boys, Elian Gonzales -- all of em, just move em over to France. Then nuke it, pave it, and charge admission to worship Mickey.
Sounds good to me.
Bowie J. Poag
Project Founder, PROPAGANDA For Linux (http://metalab.unc.edu/propaganda [unc.edu])
Dell, Gateway, Apple (Score:1)
Real businesses out there use it all day every day.
Hey, even FedEx qualifies as an e-commerce company.
If you care, do something. (Score:1)
The other response is to set up your own forum.
The *only* reason that I am posting this response is that you have posted your points against every story today. When does 'Interesting' become 'Redundant'? And when does 'Redundant' become 'Trolling'? (I hate the misuse of the word 'troll' - check here [tuxedo.org] for the canonical [tuxedo.org] definition)
Try emailing cmdrtaco@slashdot.org before you post this again.
Share and enjoy.
Chaz
Re:Key Escrow is Dead, Hurrah! (Score:1)
Re:Restrictions? Duh! (Score:1)
Note for the sarcasm impaired: This is meant as a joke! Not a flame or troll!
Re: e-commerce? commerce? (was Re:US Report) (Score:1)
> And what part of the economy would that be? Is that the all-too-crucial overblown
> speculative-bubble part? I haven't heard of any e-companies that are in the black yet.
Obviously, the report refers not to the amazons and ebays but rather to the banks and other "old" businesses that do most -- if not all -- of their transactions electronically. Would _you_ put your trust (and cash) in a bank whose inner workings are open for any script kiddie to exploit?
Re:I would hold off on nuking the French (Score:1)
Offtopic- War isn't good for the economy. Unless you're only looking at manufacturers of guns or tanks.
That's called the "broken window" fallacy, described by a French economist, no less, Frédéric Bastiat. He describes how the repair work done by fixing a broken window only appears to be an increase in activity. But it fails to take into account what the window-maker could have been doing if he wasn't fixing the window. That production is lost. If breaking the window was good for the economy, then we could break all the windows and spur growth mightily.
War is the broken window writ large. What exactly is produced by creating weapons and blowing them up? Nothing but mess to clean up. On top of that there is the enormous loss of what all that effort could have produced. If you want to see how good war is for the economy, visit the Balkans, or Rwanda. The example always used is WWII in the US. But again, all the incredible effort could have been channeled into something constructive.
Re:US report (Score:1)
Just experimenting
Re:question from a newbie (Score:1)
Moderate this up! (Score:1)
unjustified in relation to what? (Score:1)
I don't see where the use of crypto-tech has anything to do with the small-minded attitude that France takes towards anything and everything. Just because they finally got their act moving forwards as concerns crypto doesn't explain everything else they do. On the other hand, it's good to see the general direction this is going (for many countries). Natch I'm NOT surprised at the stand taken by the Canadian gov..all we need now is for the American gov to wake up and realize that honest citizens have rights too, and that there isn't a true correlation between the use of crypto and the likelihood that criminals will "get away with *it*", whatever *it* may be..
Re:Key Escrow is Dead, Hurrah! (Score:1)
D.S. was (until mid-98) a very common (and unpopular...) poster to comp.security.pgp.discuss. He's been quiet recently mainly due to the fact that the c.s.p.d regulars upset him too often :)
Have a look at Deja for some of his final posts - they are quite amusing :)
Re:Information wants to be free! (Score:1)
Piss away your privacy, and watch the powers that be pick their teeth with the bones of your progeny.
Re:Restrictions? Duh! (Score:1)
The sale of drugs like heroin, cocaine, speed, etc. is highly illegal.
Re:Restrictions? Duh! (Score:1)
crypto software and/or code.
Export restrictions only difficult a "crypto
standard" for web-commerce, for example.
Re:question from a newbie (Score:1)
I Like Being Francophobic (Score:2)
Re:question from a newbie (Score:2)
Really, do you think anyone has the time to sniff through your network traffic for *one* credit card number? It'd be *much* easier to guess numbers at random for that much trouble. Not to mention the lure of finding an insecure web server out there, and retrieving a whole logfile full of CCs.
<heresy>I've personally sent CC info over the web IN THE CLEAR!</heresy> To date, I haven't seen any unauthorized charges on my statements. I can't say I'm really expecting to see any either. Worst case, a few phone calls to my credit card company will take care of them. Really, do you think the internet is any less secure than, say that shifty eyed clerk at the CD store? or your favourite restaurant?
Tonga (Score:2)
Ahem... Cypherpunks Tonga [cypherpunks.to] is actually located in the Netherlands - anyone can buy a
----
Re:Key Escrow is Dead, Hurrah! (Score:2)
This guy should have a look at Stand.org.uk [stand.org.uk].
I for one have done my bit - I faxed (GPG-signed :) my MP, who forwarded it to Jack Straw, who sent me a letter (ick, snailmail) back saying that it's "to track down criminals" and that I should go read the text of the RIP bill myself rather than rely on commentary.
What he does not say is that for the sake of a few stupid criminals he's locking up the rest of the country - there can never be a Verisign in the UK if the government can demand keys/decryption. So much for e-commerce, then. Oh, and I note a distinct absence of open letter with point-by-point rebuttal of any of the "commentary", on Stand.
So IOW, the UK is just as bad (read "braindead") as one of these "communist countries" in the EPIC report.
Make of that what you may, but like hell will I be respecting politicians...
.|` Clouds cross the black moonlight,
~Tim
--
Better idea (Score:2)
Re:Be free to keep a secret (Score:2)
Hellooo? Encryption need not have anything to do with authentication, particularly of credit card information. Encryption and digital signing are two separate processes. Look how OpenPGP works.
Re:Information wants to be free! (Score:2)
No it doesn't. Information doesn't have a mind or a will. YOU want information to be free.
Why do you insist on giving information human characteristics? You can not take away information's freedom. You can only take away a person's freedom to view information. I have a right to keep my information from you. This includes my email, my bank account, my medical records, and whatever else is mine.
Even my personal information? That's none of your business! If this is the true intent of the Free Software Movement, then I will oppose it in every way possible.
Only in your little dreamworld. Even the lack of surprise has never stopped war.
What you describe is a world similar to David Brin's Earth. The world described in that novel was rather frightening. Sort of an 1984 meets the New Age. A world I would take up arms to prevent.
Re:US report (Score:2)
manipulating standards, recommending legislation, and imposing export controls. In the past several years, as electronic commerce has become an important aspect of the American economy, the US government has begun backing away from these efforts, which have not been successful and had generated considerable controversy and opposition. ""
"Well, that's the story for the US. By the looks of things.. all things considered, they should be a "green light" in about 2 years. For crypto. The rest of our privacy laws are woefully lacking. In this respect, I consider the progress the EU and its member nations to be making substantial progress - moreso than the US. For a country that prides itself on technical and economic superiority, it comes as a mild shock that we haven't been more quick to adopt EU-like specifications to encourage e-commerce on a wider scale. "
Starting out a business is a rather risky and IMNSHO a very bad idea considering that about 80% of small businesses fail in their first 2 years of operation. Give me a full belly and a constant pay check to ulcers, panic attacks, and poverty thank you very much.
Maybe we don't have a large quantity of eCommerce is because people don't trust the system, don't want credit cards, don't want to risk everything creating some massive web site where you are just another face in the crowd. All the people I have ever known who even bothered with that much risk usually are not doing that spectacularly well and are in fact suffering various side ailments because of it. Incidentally all of the so called businesses that I have seen that were operated by individuals instead of large companies failed rather quickly.
"I guess though there are some parts of our government which are more interested in "national security" than economic prosperity. All and all, an excellent paper, and one I'll definitely be referring to when I set my web server(s) up in the near future. "
That's nice. I don't suppose I will ever have need of such a thing. Massive risk is not in my blood and not something I take pride in at all. Over all I think that playing it safe is the best thing.
Could someone please tell me what data I have (that say any other "evil" company or government has that I haven't already given them?). Still even in most other countries the majority of the population have no need of such thing. Isn't there a way that for example one can specifically make a route for data to pass along that cannot be tapped? I think that there can be it's just that nobody has bothered in the least.
The United States is just protecting the rich and the powerful. Most of your average citizens don't know about or care that much about cryptography or eCommerce administration. I would also hazard that less than say 1% of slashdotters actually have anything that would need that level of security.
I have no network (cheap bastards at the phone company), no massive pile of "intellectual property" and don't do any financial transfers unless they are through groups like banks. Guess who's fault it is if the banks get robbed or theft occurs? Not mine. The bank is responsible.
Re:The downfall of Slashdot (Score:2)
And irrelevant posts too
"Slashdot.org used to be a quality news site with meaningful, relevant information. Now it is nothing but a trash hole filled with yesterday's news. I believe the "golden age of slashdot" ended because of two events: "
Ohh the golden age of slashdot huh? If you look at history there are good times and there are bad times. Never look at one bad time and make judgement on the good.
"The merger with Andover.net/VA Linux and
The implementation of moderation. "
Any objective critical analysis of this? Proof.
"When you sold your site to andover.net, many people feared the worst: Taco had sold out. Initially, things were handled well and there was no obvious change in the management of the site. As time went on, however, many changes occurred, mostly bad. "
Maybe taco was going broke trying to pay for all the FPers and others who were wasting massive amounts of bandwidth on his ISDN plus he was working quite hard. But I guess that doesn't mean a damn thing to you does it.
"For example, the topics now posted to slashdot are old and meaningless. Further, important events are often never written about seemingly because your parent company is looking over your shoulder. In the past few months, the stock prices of the big Linux companies(especially VA Linux) have tanked. This is news worthy of a topic. "
Strictly speaking there have been few editorials or news articles published by unbiased news outlets that have done analysis of stock issues. I don't own one share of stock of any sort so why should it bother me?
"More disturbingly, you seem to cover up events which do not reflect well on VA and your site. A few days ago when slashdot was down for half a day, there was no reason given. When people asked, you marked them down as flamebait or off topic. In the old days, if slashdot were down for even 30 minutes, you would post an explanation. Did you forget this time? "
Quite literally why do technical difficulties rank so highly on your scale of thinking? Everyone has a few problems or they have difficulty in getting them solved.
Also do you really think that with how slow slashdot becomes at times that his original setup would have worked well at all? Just think about that for a moment. There is probably several million dollars worth of equipment outlays a year on slashdot I don't think many private individuals can say the same.
"Now to moderation which is turning out to be the nail in your coffin. You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company(Microsoft), they would be moderated up. "
Scores are meaningless if you just set your preferences to a value of -1. Everything is fine again and the world is sunny. I can see all the shit and all of the art all at once and never have to care about it at all.
This is back to a usenet philosophy. Many people (a great deal of them sysadmins and people with fixed budgets with metered access to the net) want to try to get all the content they want at the lowest cost (time, money, sanity, take your pick).
I have routinely attempted to read all of slashdot's comments and have found it a rather formidable challenge to say the least.
"Now registered members of your site can view at any threshold they want to, but the default view for non-members is > -1. By moderating these anti-Linux posts down, you are preventing them from being viewed by the masses. Thus, you have committed an act of censorship. "
Last time I checked you can change the threshold when viewing comments. This does allow for access to all data not some.
"The trolls don't like being censored. To prevent this, they simply post many messages so that they all can not be moderated down. If you were to get rid of moderation, there would still be the occasional troll, but you would not see mass spam. The message, however unpopular or inane, would get through the first time. "
I don't know about that. Slashdot has seen a large increase in traffic since moderation took effect. Can you be sure now as you once were?
Also why should I care that whiny trolls are getting pissed? You know they simply could have comments deleted if enough people didn't like them in the first place. Then they wouldn't be there.
"Another problem is your moderators' lack of humor. Many times I have rolled on the floor laughing at a post marked down to -1. So what if someone makes fun of your mom? Personally, I find many of the "hot grits" posts to be funny. Most should not be moderated down. "
The ability of the moderators to moderate has been tempered with the mass opinion of said moderations via meta-moderation that each and every registered slashdotter can participate in every 24 hour period. Works nicely if you think that the moderators (I have been one a number of times) are humorless.
What I think is that information is primary. Humor is secondary in life. That is what being a programmer is all about. Basically sitting in a chair and becoming a slave to information. If you don't like this then do something else (I am contemplating this. Maybe a stint in the Peace corps or something). Damnit this isn't Jimmy's Wacky/Laugh shack at http://www.giggle.com or something this is an informational site. I can get lists of yo-momma and red neck jokes at other sites. At slashdot I want news and nothing but news.
"I'm only going to say this once to you, Mr Taco: Slashdot is going to die unless changes are made. Here is the way to fix slashdot: Take it private. Being owned by a large corporation is influencing your reporting. You must find a way to "buy back" slashdot from VA if you want to stay in business. "
Taco I think if you recall has total and complete editorial control over slashdot. Andover is just handing him some money and saying "Please don't call us bad names ok?". From a personal note I doubt that creating a slashdot site with the traffic this receives and actually be able to afford it. Come on I dare you. I bet malda would let you have access to the traffic load for maybe 1 day 2 tops. I think that after the firemen have finally put out the fire that was your computer cluster and your ISP has finally stopped being bombarded with massive traffic you will come to your senses.
Considering for what he sold slashdot for. Buying it back might be a little steep.
Look I know you're pissed but calm down. If you can do something similar with less fuss then do it. I am waiting. Most of the slashdot clones are in fact crappy and receive far, far, far, far less traffic (you could probably run them off a 300bps modem with room to play quake III arena to spare).
Re:question from a newbie (Score:2)
I'd be willing to bet that for the highest level stuff one-time pads are still used. However, you make a very good point. There is no public knowledge of how to efficiently factor large prime numbers, but the NSA, who employs more mathematicians than anyone in the world, may have a way. Remember that the British GCHQ actually invented Diffie-style key distribution and a system similar to RSA for implementing it a few years before the academics did, but no one knew about this until recently.
So, yes, I suppose it's possible that some guy at the NSA invented a way to factor the numbers, but then again, are your communications something that the NSA would really be interested in? Somehow, I doubt mine are.
Re:question from a newbie (Score:2)
Doh! It should read, "there is no public knowledge of how to prime factor large numbers."
I feel stupid :)
Re:question from a newbie (Score:2)
The little yellow padlock icon alone is no guarantee of anything. It's best to check your browser to make sure you're running a 128-bit encryption version first before relying solely on the presence of a yellow icon.
--
Re:question from a newbie (Score:2)
Neither does American Express. Some joker ran up $10K on my Amex bidding on Ubid.com. Amex not only credited my account, they issued me a new card the same day (I did have to pick it up) and is apparently beating the tar out of Ubid with some lawyers.
In short, shop all ya want with Visa or Amex. If ya get ripped off, it's not your fault!
==
"This is the nineties. You don't just go around punching people. You have to say something cool first."
Re:Information wants to be free! (Score:2)
You really want everyone to have access to your Credit Card numbers, because that information "wants to be free?"
You really believe that nations without armies are better for it?
-pjf
Re:question from a newbie (Score:2)
Wise man say: be sure brain is engaged before putting mouth in gear.
"The axiom 'An honest man has nothing to fear from the police'
question from a newbie (Score:2)
Is publicly available cryptography strong enough for me to start buying stuff with a credit card on the 'net?
Or is it what I assume... that the cryptography's fine, but the weak link is in the software the OS or somesuch. (sort of like a padlock on a screen door)...
ps - i'm new at this, moderators be merciful...
Key Escrow is Dead, Hurrah! (Score:3)
"There is little international support today for key escrow encryption. It has been abandoned by most counties and is no longer enforced in the few countries where laws requiring its use still remain.
Does anyone else out there remember David Sternlight, the guy on c.o.e.t back in 1994 who ferociously defended Clipper as a Good Thing? What happened to him, anyway?
Torrey Hoffman (Azog)
Re:US report (Score:3)
And what part of the economy would that be? Is that the all-too-crucial overblown speculative-bubble part? I haven't heard of any e-companies that are in the black yet. How many points did Nasdaq drop when Microsofts stock crashed? Have I made my point yet?
The US likes other countries to take risky action first. That way we can see if it works and then implement it ourselves. We avoided socialized medicine and related fiascoes that way. If we have an interesting idea ourselves we try it out on the state level. Again, there's less risk of a major fiasco.
The US is always more worried about national security because it still believes it's the bastion of democracy. Also, most of Europe didn't have to worry about national security too much because they had large numbers of American troops on military bases on their soil. It shocked me to find out that many European countries (like Germany) don't have professional standing armies, but it's true.
Also most European countries are the size of American STATES. France is the size of Texas. Shouldn't they be capable of moving faster on things than the US?
Re:question from a newbie (Score:3)
Publicly available crypto is very strong. Anything based on an RSA public key scheme is extremely hard to crack (that includes SSL (secure web transactions) PGP (for your email) and SSH (for telnet)). Keep in mind that while it's possible that the government could figure out efficient ways of factoring numbers on the order of 10^350, I seriously doubt it. (Why would the feds have harassed Phil Zimmerman so much if they could crack PGP?) Anyway, properly encrypted stuff is certainly safe from nefarious evildoers or terrorists. If you start doing credit card transactions on line, keep in mind that the information is only as safe as the business establishment and the credit card companies keep it - just like using your credit card in meatspace.
Be free to keep a secret (Score:3)
I'm sure that there are plenty of Credit Card thieves out there who would be overjoyed to hear this attitude from their victims... er, clients.
I don't know about you, but I would be just as happy if certain information is not publicly available for anyone who wants to view it.
Gonzo
Re:question from a newbie (Score:3)
The threat isn't that your card will get compromised in route (today), but rather that the company you are buying from will be storing your credit card number on a publicly reachable server running an insecure service.
If you'd like to learn more about how crypto works, and keep up to date on it, I'd recommend checking out www.counterpane.com [counterpane.com] (where Bruce Schneier will tell you to buy Applied Cryptography (which is a good read, and makes a good armrest, too)).
Information wants to be free
Microsoft cares about your privacy (Score:4)
From the section of the report concerning the state of US law, the following notable paragraph illustrates a trend:
If they can't get the laws they want, just make sure that the dominant OS has backdoors in it. I feel so secure.
Restrictions? Duh! (Score:4)
Re:The downfall of Slashdot (Score:4)
Ok, I'm a relative newbie at Slashdot. I haven't even been actively posting here for a year yet. I can't talk about the golden age of slashdot or any of that crap. I moderate when I'm chosen. I try to do a good job and sometimes I screw up. Sorry.
As for the "sold-out" comments, that's pretty much crap. I don't see any instances of /. censoring the articles it posts. I haven't seen any articles on how great Andover and VA are. I haven't seen any on how they suck. For the most part it's a non-issue. /. is owned by a big corporation to pay overhead. Deal with it. If anything Taco is probably so sensitive about the whole thing that he's avoiding all related issues for fear that he isn't objective.
As for your comments about the signal to noise ratio and moderation, they seem to contradict.
You don't seem to share the group opinion on what constitutes noise. Grits posts aren't noise but Portman posts are? Who's to say? You mister "censorship is wrong"?
I like moderation in many ways, if I don't have enough time to read a lot of posts I can read at 3 and get the "good" ones. The noise drops out almost entirely. If I read at -1, then I get a whole hell of a lot of noise. What's your solution? Stop moderation but let every post? That won't take care of the noise problem. Only let certain people post? Well that's the same as the censorship you were criticizing isn't it?
Now on to my slashdot rant:
At the core of a website that supposedly champions the rights of the individual, we have the moderation system. The moderation system has one great flaw. It systematically allows for oppression of the minority. Have you ever posted a reply which went against the /. group ethic? Were you surprised when it languished at 1 while all the party-liners got 2s or more from replying to it? Were you even more surprised when you realized that their posts weren't even well written when you took an hour to compose yours?
Moderators are only able to be checked and balanced by other moderators. For all intents and purposes there is no community conscience or objective party to rein them in. Moderators for the majority party-line will moderate up posts they like and moderate down posts they don't. It happens even though it shouldn't. Minority moderators don't have enough points to moderate party-line posts down and they lack the numbers to moderate their own good posts up against the wishes of the majority.
In short, there is a glass ceiling that all but the best minority opinion posts can't break. Sure moderators should be objective, but they aren't. It shouldn't be a conflict like this, but it is.
I unfortunately do not share the average /. readers views on many social issues. And my karma suffers for it. This combined with what seems to be an increasing percentage of YRO stories is killing me. Oh well, I'll suck it up and deal. I honestly can't come up with anything better than the moderation system, except possibly making it easier to refer abuses to Taco, etc. for summary judgement.
Re:question from a newbie (Score:4)
The really paranoid answer would be: "To give us a false sense of security". Or, to apply Hanlon's Razor, because the fact that a law might have been broken triggered a reflexive response in the hard-wired brains of some particularly clueless federal droids.
Remember that public-key crypto is based on the unproven assumption that there is no efficient method to factor the product of two large prime numbers. A good indicator of how secure NSA thinks public-key crypto is would be to find out if they use it for really sensitive communications. (Somehow, I doubt that they do)
My gut feeling is that NSA can crack 128-bit encryption if they want to, but not for large volumes of traffic. Given the fact that the EFF cracked DES in 4 days with 100k in hardware and a few weeks' worth of engineering, I'd wager a week's paycheck that NSA can crack mountains of 56-bit DES traffic in real time after ~48 years of research and countless billions in hardware.
The question isn't really "Can NSA crack strong crypto?", but rather "How long does it take NSA to crack a strongly encrypted message?" and "How many strongly encrypted messages can NSA crack simultaneously?"
"The axiom 'An honest man has nothing to fear from the police'
Information wants to be free! (Score:5)
Encryption, shmencryption I say. It's a known fact that information wants to be free, and encryption is only one of many ways to stifle this freedom. When you encrypt something, whether it's your email or your grocery list, you are taking away that information's "freedom", and what's more, other people's rights to that information. In an era when Free Software flourishes, it is only fit and proper that Free Information takes a similar path. Much as you must work to make sure that your software stays Free, you must work to keep your information Free.
Encryption is akin to copyright, and thus censorship, in this regard: you are creating a privileged class of people who have the "right" to obtain your information. This system is the antithesis of what we in the Free Software Movement have worked for for years: open access to everything, at all times. If Free Software is the only moral software, then it follows that Free Information is the only moral information.
Just as in a state in which there is only Free Software there is no software hoarding, in a place with only Free Information, there will be no secrets, no plots, no jealousy. There will only be a new era of Freedom and Learning. Imagine if you were able to peer into the collective knowledge of millions: what you could learn, what you could discover. Encryption is a form of censorship which is directly opposed to Freedom. You don't need it.
But what about state secrets and military information, you ask? Without them, there is no need for the military: all nations will know what each other is planning, and all will be too afraid to act without the element of surprise. With no military, the government which it exists to back will disintegrate. All nations will work together without the poison of nationalism to infect them. Only with Free Information can this be achieved.
Just keep in mind that the only choice for Freedom is Free Information.
US report (Score:5)
Well, that's the story for the US. By the looks of things.. all things considered, they should be a "green light" in about 2 years. For crypto. The rest of our privacy laws are woefully lacking. In this respect, I consider the progress the EU and its member nations to be making substantial progress - more so than the US. For a country that prides itself on technical and economic superiority, it comes as a mild shock that we haven't been more quick to adopt EU-like specifications to encourage e-commerce on a wider scale.
I guess though there are some parts of our government which are more interested in "national security" than economic prosperity. All in all, an excellent paper, and one I'll definitely be referring to when I set my web server(s) up in the near future.
I gave up moderation to post this reply. (Score:5)
You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company (Microsoft), they would be moderated up.
Who is a moderator? A moderator is any random
Moderation cannot be censorship because it is performed by a cross-section of the registered users on Slashdot. If you are not registered (which is free) then you do not have the rights that you may desire. Take a website that did not have accounts, yet had open posting without moderation; www.segfault.org
This tech-linux-humor site was great until the Natalie Portman epidemic broke out. Sure, the trolls were listened to, but did they stop? No.
Segfault is now a humor site that is dying (just about dead). It is dying because it no longer allows posting by the users, and it is lacking the traffic as a result.
How does a site remain free (as in speech) while getting rid of all the trolls? Simply have the users LOG IN! I have my threshold at 1, and it helps out a ton!
Moderation can be abused by the moderators (moderating down anti-linux stuff) but as long as there are registered users reading
Moderation works, my advice to all that are bothered with moderation is to set up an account and log in when you read Slashdot. You will be heard. Furthermore, if you notice that you have moderator access, USE IT!
It is a very important tool to the success/demise of this site. If you want to enjoy what you read, use your moderation rights!
Re:question from a newbie (Score:5)
1) You are only liable for $50 if your credit card is used fraudulently, i.e. if someone steals the number and uses it without your permission.
2) Every time you hand a wait(er/ress) your card in a restaurant, they can steal the number REALLY easily. Same with every other shop that you use your card in. Anytime, anywhere.
Given those, I wouldn't worry much about the security of online transactions.
Regardless, the publicly available encryption is FAR more than secure enough to protect your card, especially with its tiny limit. (no offense--I just doubt you have a $10M limit, which might make it worthwhile)
On the other hand, do the browsers use particularly secure encryption? Not great, and outside the US, not good at all. Also, lots of sites are badly written or designed, are full of security holes, etc. There's no guarantee of safety no matter how good the encryption is, because as often as not, the encryption can be bypassed.
But go back to #1 for a second. That $50 limit is pretty reassuring, and you can only be held liable for that under certain circumstances. If there's a massive and documented theft of a thousand numbers, then you probably won't be liable.
So relax, but don't be stupid about giving out your card #. In other words, buy from companies you trust--after all, the easiest way to defraud people is to actually run an 'ecommerce' website where people will send you cards!