hacker news with inline top comments    9 Jun 2013 Best
1
Confirmed: The NSA is Spying on Millions of Americans eff.org
1179 points by FlemishBeeCycle  2 days ago   443 comments top
1
digitalengineer 2 days ago  replies      
Dutch person here with a little insight what's to come for you guys. Some information about our tiny little country (in Western Europe, very pro-US) with just 17 million people.

Our government listens in on more calls every year than in the whole of the US combined. All our telecommunications providers are forced to have the capability to intercept all traffic (phone and internet). Encrypted data must be stored for an unlimited time to facilitate possible decryption in the future. Our 'Team Digital Expertise' developed software that profiles social networks on which a suspect operates to use it in order to gather crime-related information.

Our police buys TomTom software-data to see when and where they can get the maximum amount of money if they photograph speeding drivers. (Safety is not their first concern, money is). Local and national police now use drones. The army is training how to spy on its own civilians.

Our 'Camera Surveillance Act' allows images to be retained for up to four weeks and also facilitates the use of cameras for law enforcement purposes, whereas before the main purpose of camera surveillance was keeping public order. They're working on a pay-per-mile car tax system but activating it stopped when it turned out they were collecting more (personal) data than was technically needed to run the system and using the data for purposes other than those for which it was collected. Every important road is viewed by cameras with license-plate scanning software. You can travel by public transport but a special card with chip and login/logout is required. You can purchase one without your name and address but you can only add money to it using your bank-account. The system tracks all travelers' movements (departure and end points for each leg of every journey), in most cases combined with the traveler's identity. It retains the data for seven years.

Our Dutch passport contains both fingerprints, facial recognition and RFID. Every large city center is equipped with cameras with powerful microphones. Our Minister of the Interior announced plans to also store the biometric data in a central database. Dutch hotels are breaking data protection laws by photocopying guests' passports and identification cards because they are required by our government to do so.

The 'Electronic child file' records a child's development and environmental indicators from birth. Teachers are forced to build a profile of every child in their class along with a description of his/her family's situation. It received local media coverage when it turned out doctors are even recording when a child starts getting pubic hair. The government is also actively building an electronic patient file, containing all medical details of every person. Because of the workload they have asked insurance companies to help building this. (That got a lot of people's attention).

Privacy? There is no such thing.

Source: https://www.privacyinternational.org/reports/netherlands

2
US intelligence mining data from 9 US Internet companies in broad secret program washingtonpost.com
956 points by donohoe  2 days ago   383 comments top 2
1
kevinalexbrown 2 days ago 8 replies      
I've lived under surveillance before, so I feel my perspective might be somewhat appropriate. I won't comment on the specifics (uninteresting and irrelevant, had to do with where I was living). I won't even make a statement about whether it's justified in my case or in general. I'd just ask everyone here to do one thing:

Watch this, then ask yourself how you feel (if it doesn't go directly to 6:40, fastforward to it, then watch for 30 seconds):

https://www.youtube.com/watch?v=QwiUVUJmGjs&feature=yout...

I understand about various interpretations of "collect", "intercept", "analyze", etc. Just watch the video, and ask yourself how you feel. Please know that I'm not telling you how to feel, just providing a small snippet of a conversation. Why do you feel that way, and what does that feeling say about you, or your society?

Originally found in a comment: https://news.ycombinator.com/item?id=5835025

2
frisco 2 days ago  replies      
I think it's interesting to ask why these programs are so widely hated.

These are national security assets: evidence gathered here will never be used in a drug case, or a tax evasion case. Why not? These tools exist for the bigger fish: the dozens of Soviet-era nuclear weapons believed to be missing, or the small amounts of dangerous pathogens that periodically vanish from research labs. These are what the government is worried about, and they're not going to risk revealing their methods for something lesser.

Warren Buffett has predicted a major nuclear terrorist attack on an American city to be a "virtual certainty" given enough time.

Ok, but no one here is going to argue that stopping terrorism is bad: the problem is in how we define terrorism. What happens when the definition becomes progressively wider? What counts as "terrorism" is political, after all.

It's important to remember that we still have a functioning democracy. If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked. While some individual politicians may be corrupt, the system broadly is not. These programs are enforcement mechanisms; the laws themselves are still made by the people, and maybe corporations. While we as a population may argue about social issues like gay marriage and abortion, our government is not fascist.

Further, I take these programs as a great example that security is much harder to create than it is to destroy. Extreme efforts such as these may still be insufficient to prevent New York from being destroyed by terrorists. In that case, the acts of a few crazy people still overcame a monumental effort by the entire intelligence apparatus. What does that say about the time Hacker News is so afraid of, when it's more than only a few crazy people that the government is "worried about"?

Should these programs exist? I don't know. I'm as worried as anyone about the scope creep. I'm willing to accept a level of inherent danger with living in a free society. However, do not forget that we can't see NSA success stories. I might be willing to accept a risk of periodic car bombs, which while tragic are not statistically significant; however, if PRISM is actually effective at tracing and intercepting Soviet nuclear weapons, I can see multiple sides of this issue.

We have rights to privacy and protection from unreasonable search and seizure. Those rights were created to prevent unfair loss of life, liberty, and property. These programs, hidden in the background, don't inconvenience you, or lead to loss of freedom or property. Is privacy good? Of course. But the incentives the intelligence apparatus have to not use any data collected here against anyone for reasons less than "real" terrorism are strong enough, that I think it's not open-and-shut.

3
Cowards uncrunched.com
706 points by kevinwmerritt  23 hours ago   215 comments top 3
1
edw519 13 hours ago 2 replies      
First they came for the terrorists, and I did not speak out--Because I was not a terrorist.

Then they came for the whistle blowers, and I did not speak out-- Because I was not a whistle blower.

Then they came for the illegal aliens, and I did not speak out-- Because I was not an illegal alien.

Then they came for the hackers--and there was no one left to speak for us.

2
tokenadult 14 hours ago 2 replies      
Rather than calling anyone a coward, I will acknowledge that standing up for freedom is never easy. I know through direct personal acquaintance people who spent hard prison time during Taiwan's transition from dictatorship to democracy, who were arrested after leading peaceful public protest demonstrations of the kind that happen every day here in the United States. I have seen what kind of sustained effort--and, yes, individual courage--it takes to move a society from a default condition of tyranny to a default condition of freedom and rule by the people.

Rather than name-calling, let's learn how to fight for freedom. I posted yesterday, to NO upvotes,

https://news.ycombinator.com/item?id=5840000

a link to the free online book From Dictatorship to Democracy: A Conceptual Framework for Liberation by Gene Sharp,

http://www.aeinstein.org/organizations/org/FDTD.pdf

an experienced activist and supporter of people power democratic movements that originated under some of the world's toughest dictatorships. We can learn a lot more from him and his writings and those of his collaborators

http://www.aeinstein.org/organizationsde07.html

than we can learn from anyone on Uncrunched or TechCrunch or any high-tech publication about how to win freedom even while under intense pressure from dictators. Try it. Don't decry anyone else for lacking courage. Build up your own courage. Build up your own effective communication with other freedom fighters, so that the movement for freedom has solidarity, unity of purpose, and resilience. Roll up your sleeves and get to work. (Anyone can participate: as a foreign student in Taiwan in the early 1980s, I was able to turn Chinese-language speech contests for foreign students into opportunities to express dissent from the dictatorship in the hearing of government officials of the dictatorship. This just takes courage and preparation.)

3
jmduke 22 hours ago  replies      
There's a meme on Reddit that revolves around 'so brave': basically calling people/posts/comments out for obvious pandering.

This reads like a pastiche of Keith Olbermann, all bravado and empty gusto. Arrington writes:

What has these people, among the wealthiest on the planet, so scared that they find themselves engaging in these verbal gymnastics to avoid telling a simple truth?

and then acknowledges that doing so, if it meant breaking FISA, is illegal.

Because their lawyers might be telling them what they are required to do. But their soul should be telling them what they must do.

What the hell does this even mean?

Listen, I completely agree with the central premise that we need to have an actual conversation both about privacy in the age of Facebook and the Kafka-esque way the U.S. government has engineered these catch-22 gag orders. But given Arrington's experience both with AOL and with the overall notion of privacy, I'd expect something with a little more substance and perspective.

4
Larry Page addresses PRISM googleblog.blogspot.com
675 points by raldi  1 day ago   437 comments top
1
chrisacky 1 day ago  replies      
I can't understand the repeated use of "direct access". It's the kind of language a lawyer would use to qualify a patent clause.

- We do not provide direct access to our servers.

- We do not provide direct access nor is there a backdoor.

- O, but we do still pipe all of your data to external NSA servers. </sarc>

Every company named (I'm not just picking on Google here) has come out with the same overarching statement. "We do not provide direct access". It just smells of being rehearsed, and carefully coordinated to select such language.

5
Are coders worth it? aeonmagazine.com
675 points by Libertatea  2 days ago   299 comments top 5
1
sologoub 2 days ago 7 replies      
This article seems to be missing a parallel that was drawn previously many times. PG has written on the subject, and so have others.

The closest parallel we can draw between "coders" and the distant past, is that with the artisans of the middle ages. Aside from the landowning nobles, the artisan class was probably the closest thing to a true middle class. Many advanced to upper-middle and later became the industrial nouveau riche.

The reason that this parallel works, is that the artisans were able to make something coveted out of what looked like a pile of junk (or less usable) to others. What a software developer creates with a few keystrokes looks to the lay person now as "magical" as creating a sword out of a pile of rocks looked to a lay person a thousand years ago. They get the general concept and see the value, but they have no idea of how it actually happened and cannot repeat it themselves.

By today's standards, most of what artisans of old made is not very desirable if it is made today (antiques notwithstanding), hence only very few "artists" are actually paid well. Most people engaged in artisanal work are now in what we call 3rd world countries and make zilch. The reason behind this, is that technology has progressed and most of this stuff can be made faster, cheaper and more consistent by a manufacturing process. Today, we can take the best artisan of old, and copy him/her a million times over to produce the same trinket, with little extra expense.

Software engineering has not yet gone through a true manufacturing disruption. We cannot put software on the kind of assembly line/stamping process we can with say door hinges or other metal works that used to require a skilled blacksmith. That doesn't mean it won't happen some day.

We are constantly trying to go the direction of commoditizing complex problems. Looking back 30-40 years, the efficiency of tools we use has gone way up. Today, a developer doesn't have to write many components from scratch (unless he or she wants to). Most of what makes an application can be taken off the shelf, and modified to fit. For consumer apps, design is also where a lot of work goes into.

This modification or molding process is a major barrier to having a true manufacturing process in place because the quality of the modifications depends on the individual skill of the person making it. A mistake made early on can bring a future company to its knees and derail projects years after it was made. For example, a faulty data model that is let to grow to terabytes of information. Many companies choose to throw money and computing resources, rather than risk a costly migration.

When we have sufficiently advanced to the point where such mistakes do not depend on an individual and the automation process can take care of it, the value of the software engineer as we know the profession today will diminish greatly. But then again, I'm sure the profession will evolve as well.

2
nilkn 2 days ago 4 replies      
Oh boy, I have a lot of comments here, most of them in agreement with the article but not all.

According to all the anecdotal knowledge I have, my conclusion has been that currently software engineering and chemical engineering are tied for the locally optimal career choice for those with a four year degree or less. While some college graduates (or dropouts) will go become billionaires, as a general rule, it is quite hard to do better in a career without further education than you can with these two types of engineering.

Software and chemical engineering also both have their own "meccas": SV for software, Houston for chemical. Google/Facebook/etc. for software, Exxon/Chevron/etc. for chemical.

That said, anyone who thinks software developers are on the verge of being overpaid should consider how low developers (and most workers) are on the overall wage ladder. Maybe $150k sounds high to the typical person born and raised in the middle class, but that's pennies compared to the typical salaries in the true upper class. Moreover, the majority of developers making salaries around that number live in the most expensive cities in the country, not the cheaper ones.

As a general rule, software developers are in the middle class or upper middle class, but not the upper class. Of course, it depends on your definition of the various social classes. If you define it as the one percent, you'd need to make about $350k. If you define it as those whose primary income derives from investments rather than salaries, then even that is not nearly enough.

What's an example of something close to an "upper class career"? Some but certainly not all doctors would make it. Family physicians wouldn't be close (they're about the same as engineers in the end), but specialized academic surgeons will make $500k-$1M/year. At many universities with medical schools, the top surgical faculty will make about double the president of the university.

A successful trader of financial assets can make seven figures. This is almost common on Wall Street, but it happens elsewhere. The youngest billionaire in Houston right now made his fortune from Enron: he was a trader of energy derivatives and after making the company some $75 million one year he was awarded about an $8M bonus. He then started his own energy trading firm and went on to make a few billion.

A partner at McKinsey, the management consulting firm, will make seven figures in total compensation. A partner at any major law firm will make the same.

These aren't extraordinarily difficult careers to get into. Becoming a surgeon is mostly about planning ahead and dedication. Becoming a partner at a firm is just about putting in the hours for years. Literally anybody on Wall Street will make $100k minimum unless they're like a receptionist, and from there you can work your way onto the trading floor.

And let's not even talk about top business executives, who put all those salaries to shame. And contrary to popular belief there is a reasonably effective method towards becoming such an executive: Harvard/Wharton MBA, consultant at McKinsey, eventually hired by a company you consulted for. That's how Skilling got on as CEO of Enron. That's how my friend's dad, a CEO making $4M/year, got his job. Etc. There are tons of examples of it.

It happens all the time. Most people just don't know about it. Many people often think it's all luck getting into the upper ranks of the executives, but that's because they think it's done by choosing a company at a young age and working there for 20+ years. That's not how it's done in general. It happens occasionally, but you have to network your ass off for decades to make that work. But if you're a consultant, then you'll be hired by the top executives to help them solve problems. You just skipped all the lower ranks thanks to just a few years of business school. (This doesn't work with an MBA from anywhere but the most prestigious schools.)

In short, there are a number of careers where at your peak you'll make not a six figure salary but a seven figure salary. If you think back to how long the phrase "six figure salary" has been in use, you'll realize that, with inflation, a seven figure salary is quite accurately the new six figure salary in expensive cities like SF and NYC. People in these cities who aren't making such a salary are often willfully ignorant of this fact. They want the prestige of a "six figure salary," even though their buying power is an order of magnitude less than what that phrase originally referred to.

3
grey-area 2 days ago 9 replies      
Wonderful writing, I loved the way it circled several times around the central issue - the value of work, and I particularly liked this conclusion - much validation and reward in our society is driven by how much people are willing to pay you for your chosen work, and it's very hard to separate your self-worth and confidence from that. It's hard to reconcile when your values don't meet those of the people around you, as expressed in the salaries for various jobs, which vary wildly without much sign of reason or relation to what society ostensibly values. I think what he's trying to get at is why we overvalue these jobs, which on the face of it are not particularly rewarding either to society or the individuals doing them (apart from monetarily). If you ask people in the street whether we need another Facebook, most would say no, and yet we have hundreds of inchoate and uninspiring replacements being worked on and funded right now, so it's hard to see where the demand is coming from, or why this work is valued so highly, and whether it is in fact a bubble which will burst.

Going back to 17C Holland there was probably a huge demand for market traders able to distinguish fine differences in and trade tulip bulbs, until all of a sudden there wasn't - this is the kind of illusory value the writer posits for today's fêted startup web workers. I'm not sure I entirely agree, but it shouldn't be dismissed out of hand, because he's not just saying it's unfair, but that it may be unjustified.

The price of a word is being bid to zero.

This sentence near the end cuts to the heart of the matter for me - for writers or other producers of original content like photographers there is a cruel and dismal comparison to be drawn between the wages of those paid to frame content and present it to the world, and the wages of those who produce the content. The creative content (writing, photography, art, travel guides etc) is all in demand, but no-one wants to pay for it, perhaps because it's so easy to produce something yourself, and so hard to distinguish the fine differences in quality which separate a remarkable piece of writing or photography from the mediocre.

4
d4nt 2 days ago 4 replies      
The value of a lot of these apparently lightweight B2C apps is derived primarily from the attention that they get from their users. If you can build something that gets attention, then that's worth a lot of money.

In a world where people are spending less and less time watching TV there is now a huge imbalance between corporations who have lots of money and want attention, and huge numbers of people with smartphones and limited attention spans. It's like a thunderstorm, all these electrons trying to get to Earth, then suddenly, Bang! Instagram. These valuations, and the developer salaries they fuel are just a by-product of all that money trying to get from point A to point B.

Google got huge by inventing one new channel for that money to flow through. And a pretty brute force one at that: You searched for "laptop" here are some ads for laptops... It's still ahead of everything else though, which is basically a re-implementation of the old TV campaigns but on the web. If someone could only figure out how to show you laptops just before you thought of searching for laptops, then they would be even bigger than Google.

5
willholloway 2 days ago  replies      
Am I the only one that wants coders to stop feeling guilty and devaluing themselves?

The plumber analogy is off base. Web development is incredibly more complex than plumbing in a home. Importantly, web development changes extremely fast while plumbing is largely the same as it has been for decades.

The web and the developers that have created all of the sites and apps on top of it have added tremendous value to our economy and world. Web developers have streamlined almost the entirety of our lives and created enormous productivity gains.

The things that we create may seem trivial to us, but are fantastically valuable to society.

Jet packs and flying cars were always a terrible benchmark to measure human technological progress against. Iterative improvement has created a world of fantastic possibilities.

Good development is hard, and requires a lot of knowledge. Value yourself and feel good about what you are doing.

6
The NSA story reinforces why an entity like WikiLeaks is important gigaom.com
664 points by cdooh  2 days ago   64 comments top 11
1
GabrielF00 2 days ago 11 replies      
I don't agree. The traditional news outlet that broke this story (The Guardian) has a lot of advantages over WikiLeaks. It has experienced reporters who understand the issues involved. It has a well-known and respected editorial process that can weigh the consequences of a leak versus the potential value to the public. It has a process through which the public can contact the organization and correct errors. When WikiLeaks put out the cables I noticed that there was one cable where they redacted the names of people who had met with US diplomats from the body of the document but not from the title of the document. I looked very hard for any way to contact WikiLeaks to get the matter fixed and found nothing - their website suggested that people interested in providing feedback contact human rights organizations or a couple of law firms in the UK. On the other hand, traditional journalists typically post their email addresses and twitter handles and will often respond to queries.

Yes, the administration is aggressively challenging leakers, but newspapers have a long, successful history of defending their first amendment rights in the courts. Nor is it clear that a UK-based newspaper such as The Guardian would be subject to Justice Department subpoenas or prosecution.

WikiLeaks, particularly under Julian Assange, has demonstrated a complete lack of transparency and biased reporting (c.f. the Collateral Murder video). I have a lot more confidence in, say, The New York Times or The Guardian than Wikileaks.

2
pinaceae 1 day ago 0 replies      
Doesn't anyone wonder HOW the Guardian got access to those documents? Not only classified, but also to not be shared with foreign allies.

Conspiracy theory: If I were a Chinese official whose team obtained a truckload of these docs - and given the recent rhetoric coming out of Washington, wouldn't that be the perfect punch in the nuts?

3
rdl 2 days ago 1 reply      
Keeping the data available once someone leaks it has never been the problem (at least, not since the early 1990s). The only value of something like Wikileaks is in sourcing leaks, either by socializing the "whistleblower" values to make leaking more likely, or providing anonymous communications channels and scrubbers to make leaking safer.

In reality, Wikileaks actually set back government accountability -- PFC Manning going to get life, the whole drama related to Julian Assange, rape, and hiding in an embassy, the internal political strife within the organization, etc.

4
webXL 1 day ago 0 replies      
Or, the NSA story reinforces why limited government is important.
5
surferbayarea 2 days ago 4 replies      
Let's look at the issue more deeply. Consider the other end of the spectrum: Say the govt collects no data, no surveillance at airports, no wiretaps, no monitoring of any online channels. Are we ok having our 'privacy' at the cost of security? The sad reality of our world is that there are terrorists, and they need/use things like email/chat/online forums/regular phones for communication.

So the question is where do you draw the line on what is acceptable/not.

The question needs to be looked at a deeper level. Sure, collecting data and having machines do data mining on it is not an invasion of privacy. That's what these companies do anyway! What defines invasion is the usage. The Fourth Amendment needs a revision to account for the new reality.

Only acceptable use of data should be for detecting patterns that correspond to national/international terror threats.

Unacceptable uses of private data:

- if you are evading tax and the government finds out, this data cannot be permissible as evidence in court and/or used to prosecute.

- if you committed/planning to commit a crime, this data cannot be used as evidence or to prevent it

- the data in general cannot be used as evidence in a court of law or for taking any form of civilian action against an individual

So there is a need to look past the blind 'down with big brother' attitude and decide as a society where to draw the line!

6
andrewcooke 2 days ago 0 replies      
the article is full of links, but they're all to newspapers, not the actual sites discussed?! and it won't let me comment without digging up some ancient wordpress account. but the org referred to is "freedom of the press foundation" whose site is https://pressfreedomfoundation.org/
7
sigzero 2 days ago 1 reply      
I don't agree with that statement at all.
8
washedup 1 day ago 0 replies      
Agreed. If this surveillance is going to happen, it needs to be a two way street. We should be allowed to know how it is being used and when we are individually being tracked.
9
NIL8 1 day ago 1 reply      
Curious....

I saw a BBC story about Assange that mentioned his mysterious original programmer. It stated that the original programmer and Assange's co-founders left him to create another Wikileaks-like site.

Does anyone have a URL for this new site?

10
adamconroy 2 days ago 0 replies      
I agree but I'm not sure I want to post that on a public forum (I assume the NSA is parsing HN).

Doh!

11
tn13 1 day ago 1 reply      
Things could go either way. Wikileaks is just a hipster. It opposes for the sake of opposing and it embarrasses for the sake of embarrassment.

For all you know wikileaks might be assisted by China.

7
Seriously.js seriouslyjs.org
621 points by Aissen  3 days ago   181 comments top 8
1
mshron 3 days ago 5 replies      
Finally a demo that doesn't make me think "Wow, the web has really caught up to the 1995 desktop!"

Maybe if you're already an after-effects wiz this doesn't seem as magical, but it certainly felt like magic to me.

2
brianchirls 3 days ago 4 replies      
Hi, I'm the person responsible for/guilty of this. Thanks for the comments, everyone. My sympathies for the BSOD.

Please keep the bug reports and questions coming. I'll try to fix/answer what I can.

3
beggi 3 days ago 4 replies      
IN JS? This is so cool. Also: fun to compare the raw video to the original: http://www.youtube.com/watch?v=12zJw9varYE :)
4
tqs 3 days ago 1 reply      
The technology used here to do the image processing is GLSL, in particular fragment shaders (aka pixel shaders). GLSL is a very small C-like language that's become a standard for GPUs. GLSL code gets sent (as a string) to the GPU by javascript via the WebGL API.

Seriously is a JS library for handling the boilerplate of WebGL, composing and compositing multiple shaders in a pipeline/graph, and adjusting their parameters. In addition it comes with a bunch of pre-written shaders.

Shaders themselves are a lot of fun to write, IMO. A pixel shader is just a function that computes a color given an input pixel location. (A shader can also take in additional input such as "textures" to sample from, e.g. a video frame.)

The shader is run with massive parallelization in the GPU. In theory every pixel can be processed simultaneously. This is how these effects can run in real time.

Here are some more examples of what you can do with pixel shaders (including sampling from the webcam in the browser -- should work in Chrome and FF), http://pixelshaders.com/examples/

I'm in the process of writing an interactive book about pixel shaders, http://pixelshaders.com/

5
kmm 3 days ago 1 reply      
Impressive! It's really amazing to see how OpenGL can enrich the web if it's used right. A few years ago I'd never have guessed shaders could be used in a browser.

I have little experience with Javascript projects, so can I ask why the name Seriously? Wouldn't a more descriptive name cover the contents? Also, why is the main source file 4K lines long? That's a little off-putting.

6
danielweber 3 days ago 10 replies      
"Sadly, we are unable to get Seriously.js to work on your computer. Sometimes WebGL gets a bit weird with certain graphics hardware and drivers. Please have a look here for more information."
7
joezydeco 3 days ago 5 replies      
Wow, I've never seen all 4 cores in my machine simultaneously spin up to 90% before. Nice trick.
8
randall 3 days ago  replies      
This is the sort of thing we're working on at Vidpresso. If this impresses you, and you want to build stuff like this... we should be friends. Contact info is in my profile.
8
Obama: No warrantless wiretaps if you elect me (2008) cnet.com
572 points by bconway  1 day ago   299 comments top
1
edw519 1 day ago  replies      
"I have solved this political dilemma in a very direct way: I don't vote. On Election Day, I stay home. I firmly believe that if you vote, you have no right to complain. Now, some people like to twist that around. They say, 'If you don't vote, you have no right to complain,' but where's the logic in that? If you vote, and you elect dishonest, incompetent politicians, and they get into office and screw everything up, you are responsible for what they have done. You voted them in. You caused the problem. You have no right to complain. I, on the other hand, who did not vote -- who did not even leave the house on Election Day -- am in no way responsible for what these politicians have done and have every right to complain about the mess that you created." - George Carlin
9
Donate to the EFF eff.org
535 points by il  2 days ago   35 comments top 16
1
mtgx 2 days ago 2 replies      
Also, you may want to support this new bill that will be introduced by Sen. Paul, tomorrow (call your senator to vote for it, etc):

http://reason.com/blog/2013/06/06/rand-paul-to-introduce-fou...

2
dreamdu5t 2 days ago 3 replies      
I might be cynical but you cannot lobby against this. The only way you can avoid being watched is to actually take technical countermeasures to prevent being watched.

What good is donating to the EFF when they have no power to stop the CIA/NSA from doing this?

3
ericd 2 days ago 0 replies      
Thanks for the reminder to get this set up again (they could probably use some help getting payment expired emails set up, or if they have them, I never saw them). In for $25/mo.
4
marcuswestin 2 days ago 0 replies      
@il, thanks for posting this.

I'm now donating $10 per month, and consider it money well spent.

@Everyone: Tag along and sign up for a monthly donation!

5
lizzard 2 days ago 0 replies      
I already donate, but I feel suddenly like donating more...
6
polymatter 1 day ago 1 reply      
If I were to donate to EFF, I'd want to do so anonymously. Like very anonymously. So bitcoin is an interesting option - depending on how easy it is to get bitcoin anonymously. I don't want other charities or political organisations to hound me for years afterwards. And I don't want a donation to be used against me if/when some overblown official in my country decides that EFF is a terrorist organisation.

I found the humble bundle is a good way of donating to EFF, because that way at least it looks like a game purchase rather than a donation. If I were interested in donating of course.

7
fakeer 2 days ago 0 replies      
Funny thing, while talking about donating to EFF I just came to know two of my friends here in India who donate to many causes in the USA and Turkey, which is of course commendable but never to any cause back here at home!

When I simply asked, why (curiosity)? One of them said, "well, you know..hmm..whatever man. It's just a choice". He stopped at that. And then counted a few Indian charities he had donated to and that included INR 51000 at an Andhra temple (his home state) and then was quick to add "that temple does a lot of charity work". I guess it was one of those US Visa God temples.

Another was clearer in her response. She said, "I've done my masters there and plan to settle there".

I guess I'll start actively donating to AAP[1] now, along with WikiLeaks and WikiPedia and few others.

[1]https://www.google.co.in/search?q=aam+aadmi+party

8
bhauer 2 days ago 0 replies      
Great idea!

I've also just added EFF as a charity option on my activism site [1]. I donated as a bounty for my favorite task championing Score Voting for national elections, which I incidentally feel is a necessary reform to get some alternative voices heard and potentially elected.

[1] https://www.brianstaskforce.com/blog/electronic-frontier-fou...

9
rdl 2 days ago 1 reply      
Running a remailer or Tor node, or somehow deploying crypto (opportunistic crypto if you can't do anything better) is a lot more useful than donating to the EFF, at this point.
10
vijayboyapati 2 days ago 1 reply      
What about donations to Wikileaks? Or maybe even the ACLU. I'm not convinced the EFF has been a consistent critic of the administration. The problem is organizations that have a partisan bias which makes their advocacy suspect.
11
seansoutpost 2 days ago 0 replies      
They take bitcoin now (again).
12
orng 1 day ago 2 replies      
Is EFF an international organization? Do they fight for the rights of everybody or are they mostly US-centered? On their about page they mention going up against the US government and large corporations but I see nothing about any international effort. I suppose this could be because of how much of the internet lives in the US, so I was wondering if anyone could shed any more light on this.
13
chris_mahan 2 days ago 0 replies      
Oh great. postal money order through the mail?
14
Qantourisc 1 day ago 1 reply      
The page mentions what they do but not WHERE they do it ...
15
sdoowpilihp 2 days ago 0 replies      
Done and Done.
16
coingig 2 days ago 0 replies      
go bitcoin!
10
Statically Recompiling NES Games into Native Executables with LLVM and Go andrewkelley.me
534 points by darkf  1 day ago   90 comments top 22
1
tibbon 1 day ago 3 replies      
This is amazing. Also, this is the Dark Magic of programming that I don't think I'll 100% grok in 20 years, but it's good to try!

edit: now that I think of it, I really need to keep expanding my knowledge. I'm going to go through this post in my terminal and try to at least make the stuff work, so I can start understanding this process. I've been trying to learn Go and C better anyway. Thanks for providing a ground to learn more.

2
comex 1 day ago 3 replies      
Somewhat off-topic, but to defend gcc against clang, here is a modern version of gcc with the correct warning option:

    $ gcc-4.8 -std=gnu99 -Wall -o test test.c
    test.c: In function 'main':
    test.c:6:5: warning: suggest parentheses around comparison in operand of '&' [-Wparentheses]
         if (foo & 0x80 == 0x80) {
         ^
gcc 4.9 will have colored diagnostics, too.

Cool project, though.

3
VeejayRampay 1 day ago 1 reply      
This is one of the best technical articles I've seen in a long long time congratulations. I won't go and pretend I understand what is really going on but the writing style is excellent, to the point and the general flow and formatting are a pleasure.

Props dude.

4
logic 1 day ago 2 replies      
Just a quick note about the disassembly challenge he faced (indirect references), having gone through this before: you can get amazingly good results by cheating a bit. That is to say, rather than assuming you actually have to properly execute through the code path, you can get very close by roughly tracking register assignments when making your initial pass through a block of code. (Even better, if you can track potential ranges of values with later calls into a given block. Some of this depends on how you've implemented your disassembler, though.)

I ended up doing this with a SuperH disassembler (with SH2, due to its two-byte opcode layout, indirect addressing is the order of the day), and by doing basic register assignment tracking and adding a few crude heuristics, I was able to get very usable results. No, the end result won't be "pretty"; you'll be moderately embarrassed to show it off, but it will work. :)

(Heuristics: one structure that I had to manually handle were compiler-generated jump tables; thankfully, for my project, I'd had a bit of help from the compiler that was used, and there were distinct signatures I could key off of.)

If you're even remotely interested in the disassembly aspect of this, I'd recommend learning a bit about a piece of software called IDA Pro: https://www.hex-rays.com/products/ida/ As horrible as the UI of it is, there is simply nothing better on the market for reverse engineering analysis.

5
quux 1 day ago 3 replies      
This is interesting. If this project can output LLVM byte code, then you could also codegen to javascript with emscripten and make a web based version of a NES game.
6
pilif 22 hours ago 0 replies      
This is one of the best articles I've seen linked here in a long time. OP covers so much stuff but simplifies exactly where needed so everything stays understandable and there are no gaps (the "how to paint an owl" syndrome).

Thank you so much for writing and posting this. You made my day.

7
Filligree 1 day ago 1 reply      
Modern PS2 emulators - which is to say, pcsx2 - use dynamic recompilation to execute games at useful speed. Static recompilation might not be a useful technique, but did you consider a dynamic version? What caveats are there?
8
tluyben2 1 day ago 1 reply      
This is one excellent read! Thanks to the author for writing this down. Not that I'm not interested in the NSA, but this is a welcome diversion. And something I wanted to play with myself for a long time.
9
Pxtl 1 day ago 5 replies      
... while it's not really useful for the NES, which is so old that emulating it does not strain even the crudest modern processor, I'd be excited to see this technique applied to newer consoles for lightweight mobile processors.
10
CountHackulus 1 day ago 0 replies      
I seem to remember someone doing this for the original xbox and getting up to the halo "start game" screen. That was probably easier due to it being roughly the same architecture. This is something else quite different and really neat.
11
dschiptsov 1 day ago 1 reply      
What is amazing here is not the techy stuff, but productivity and clear understanding of concepts. Of course, such shape (of mind) comes from years of daily practice. That's why I know I will never write anything good - I didn't spend enough time practicing. Practice leads to perfection (not reading HN).

And look, the guy is not using any IDE or proprietary tools - just a terminal window and command line (what a horror!) tools. Looks like they are good enough..)

All that 9-to-5 Java coders should at least commit suicide.) More seriously - this is very clear illustration for startup founders of what a huge gap lies between mediocre and a top performer.

Convincing a top performer(s) to work for you is the real secret of a successful startup. Even pg (god forbid!) could be not so successful without rtm.))

12
RegEx 1 day ago 2 replies      
Please forgive me for the bikeshedding, but I have a quick question as a C novice: Is the equality check in the following necessary?

    if (foo & 0x80 == 0x80) {
I thought if you're checking a bit simply anding would be enough (since everything else would be zeros). In other words, could we just use

    if (foo & 0x80) {
If so, then it seems like this would be the preferred form to avoid the precedence issue presented in the article.
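
Added example, not part of any comment in this thread: a small C program on the precedence issue raised in comments 2 and 12 above. It checks over every byte value what `foo & 0x80 == 0x80` actually tests and whether the shorter `foo & 0x80` matches the parenthesized comparison; it goes one step beyond the thread by also covering multi-bit masks, and all function names are this example's own.

```c
#include <stdio.h>

/* The condition from the article, exactly as written. In C, == binds
   tighter than &, so it parses as foo & (0x80 == 0x80), i.e. foo & 1:
   it tests bit 0, not bit 7. The pragma only silences the -Wparentheses
   warning quoted in comment 2 so the file builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
static int as_written(unsigned char foo)
{
    return (foo & 0x80 == 0x80) != 0;
}
#pragma GCC diagnostic pop

/* What was meant: is bit 7 set? */
static int parenthesized(unsigned char foo)
{
    return (foo & 0x80) == 0x80;
}

/* The shorter form from comment 12: any nonzero result counts as true. */
static int truthy(unsigned char foo)
{
    return (foo & 0x80) != 0;
}

/* Number of byte values (0..255) on which two predicates disagree. */
static int disagreements(int (*a)(unsigned char), int (*b)(unsigned char))
{
    int n = 0;
    for (int v = 0; v < 256; v++)
        if (a((unsigned char)v) != b((unsigned char)v))
            n++;
    return n;
}

/* For a given mask, count byte values where "any masked bit set"
   (foo & mask) and "all masked bits set" ((foo & mask) == mask) differ.
   This is zero for a single-bit mask and nonzero for a multi-bit one. */
static int any_all_differ(unsigned char mask)
{
    int n = 0;
    for (int v = 0; v < 256; v++) {
        int any = (v & mask) != 0;
        int all = (v & mask) == mask;
        if (any != all)
            n++;
    }
    return n;
}

int main(void)
{
    printf("as written vs intended:      %d of 256 values differ\n",
           disagreements(as_written, parenthesized));
    printf("intended vs short form:      %d of 256 values differ\n",
           disagreements(parenthesized, truthy));
    printf("mask 0x80, any vs all:       %d of 256 values differ\n",
           any_all_differ(0x80));
    printf("mask 0xC0, any vs all:       %d of 256 values differ\n",
           any_all_differ(0xC0));
    return 0;
}
```

For a single-bit mask the short form and the parenthesized comparison agree on every input; with a mask of more than one bit they answer different questions, so the `== mask` form is still needed when every masked bit must be set.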

13
lucian1900 1 day ago 1 reply      
There is some research on this http://www.pagetable.com/docs/libcpu/26C3-libcpu.pdf

It's a very interesting topic. It may be our best chance at preserving software.

14
kriro 1 day ago 1 reply      
I won't even pretend that I understand half of this but from a quick browse this looks pretty interesting.

It seems very well written, too.

Filed away into my magic "ZOMG INTERESTING PROJECT IDEA" folder :D

15
p_f 19 hours ago 0 replies      
Very interesting article indeed. Some time ago I made something similar for GameBoy games and ran into the same set of challenges (and ended up using similar techniques). The ROM is decompiled and translated into C code, which is then compiled and linked with runtime libraries. Jump tables and indirect jumps often need some manual fixing. I went up to the point where I can convert some simple games (without memory mappers) into binaries running on iOS and X. I did not have the time to document the tools but if anyone is interested to continue that work just let me know.

I guess one of the advantages of static recompilation is that you can port old games to new platforms if you hold the copyright of the game itself, but without running into issues with the manufacturer of the console (Nintendo)--but I might be wrong. You could also conceivably improve the game more easily during conversion (e.g., incorporate higher-resolution graphics). Finally, you could potentially have the resulting code distributed via app stores that do not allow general-purpose emulators.

16
shanselman 1 day ago 0 replies      
This article is a joy. What a wonderfully written and thorough explanation of the space. I live for this stuff.
17
chadseibert 1 day ago 0 replies      
I agree; this is quite amazing work! I've been meaning to do something like this; perhaps generate a native executable or something similar.
18
patresi 1 day ago 0 replies      
I had a similar idea to this that I never really put in practice which was doing some sort of static recompilation but to higher level code in order to make open source versions of some NES games that could be used by other people to do the same. Accuracy would not be a concern as big as a pure emulation project.

I never got past the reading phase.

19
grapjas 1 day ago 0 replies      
Interesting stuff, and I like the writing style.
20
QEDturtles 1 day ago 0 replies      
I've been meaning to port some classic games over and utilize better input methods for a while. It would be fun to be able to load old GB games on my Android phone and tap the menus instead of navigating them with the DPad. Thanks for this, I was looking for something to do with my Friday night!
21
leehro 1 day ago 0 replies      
This was fantastic, thank you.

Static recompilation seemed like an obvious solution to emulating games in theory, but it was fascinating to see just what it would take. Also loved to read about the clever tricks from 30 years ago and how we can or can't deal with them.

22
saejox 1 day ago 0 replies      
Someone should recompile ps2 games to x86.
11
The Internet Is a Surveillance State schneier.com
508 points by gits1225  1 day ago   111 comments top 12
1
trotsky 1 day ago 4 replies      
I've honestly never really quite recovered from watching the dreams of the cypherpunks die so hideously and completely. I guess it's because the ideas / movement / whatever bubbled up when I was at that age when you think this is going to be the groundswell, my generation is going to cause a fundamental change in the world.

If you're unfamiliar, there was a strong meme in the late eighties through early/mid nineties among a certain set that the perfect storm of public key encryption (still wonderfully unbounded in our minds) and the emerging global network would be a nexus point for personal power in privacy, anonymity and security and in many real ways break down the bonds of the states. It's worth noting that this was about the time that the soviet union fell, and many in the know had gotten a first taste of global presence by hearing about the people in the streets via usenet before it made the news.

It wasn't that I was particularly a hard core believer or activist, at least compared to many I knew. But for those who understood what an immense impact the internet was going to have it seemed to everyone I knew - NSA, hackers, professors, that it was just how it would be. You couldn't hope to spy on pretty much anyone anymore when you could use perfect encryption to scramble a telephone call or an email. Kind of like when you knew everyone was about to have a touch phone.

I was ideologically aligned and mixed in such circles, nerds were still outcasts so not really too big a world, but my life was busy with other things - but I watched from a distance, fascinated with all the ideas and things to come. I'm not sure I've ever really been more sure something was going to happen, at least to a very significant degree.

The government was sure too - that was when they came up with CALEA and people got upset but mostly scoffed - there was a real sense that they were just in their death throes.

Things got pretty busy, Internet boom. Company got bought by an agency, every big name anybody needed to be on the Internet yesterday. Was a blast though a bit of a blur - ended up in SF as the whole thing worked itself into a nasty hangover. Can't remember worrying too much about when the cypherpunks were going to win but still knew it had to be coming, err well it's just about adoption.

It really sucks to wake up after a bender and realize that you helped kill the dream that you were just waiting for someone else to make happen.

Working infosec as California recovered put me face to face with reality pretty early in this cycle. Not only was the thing I was so sure of totally not how it went down, with shift from relatively petty financial fraud and wankers to states and srs.bsns abandoning defense to focus solely on offense it's been very hard to square. It's hard to believe many people ever feel so sure about something that turns out so absolutely opposite.

Fuck, at least nobody killed rms.

2
cromwellian 1 day ago 9 replies      
Schneier has a great article here on the many ways you are being tracked, but I think overlooks the fact that much of this record keeping happened prior to the internet. Almost all public activity generates a paper trail, and before the internet, your phone company, bank, grocery store, even your VHS rentals and public library, were keeping records on you. The internet makes it far far more efficient, but it didn't invent the collection of such records.

I think the focus shouldn't be on the unavoidable "information radiation wake" you give off as you move through the world living your life, but on the ways people utilize this information. The government, and private entities, need to be constrained in how this information can be legally used, not in the collection of it, which I think is impossible.

Consider health records, which lots of people are paranoid about. There's a lot of diseases we might be able to treat if people's health records were available to researchers. One might be able to detect correlations in disease from these records of millions of individual cases. But insurance companies and employers could potentially discriminate against you based on these records, so it is in your interest to keep your medical conditions secret. In cases, if you have a communicable disease, it is understandable you'd want privacy too.

Point being, the biggest danger of loss of privacy is abuse by the state or other private entities, and if we could build safeguards against that, the fact that your phone signals give away your location, or your subway card shows where you've been, might not be so threatening.

3
hga 1 day ago 1 reply      
"If the director of the CIA can't maintain his privacy on the Internet, we've got no hope."

Blah. Ignoring for the moment that he's 6 levels removed from the agents in the field, notoriously the very few of them out there (last time I checked 90% of the CIA is desk bound in the US) are very bad at fundamental trade-craft, with the Camp Chapman attack (http://en.wikipedia.org/wiki/Camp_Chapman_attack) as a telling extreme example.

4
riveteye 1 day ago 4 replies      
Privacy is an illusion, and a dangerous one. It allows dishonest people to appear honest, and further perpetuates the lie of 'normal'. It closes minds and turns us against other people who are just as human as ourselves. Privacy allows corporations selective access to our data, with the promise that it won't be misused, sold or released to those who wish to do us harm. This is a promise that no corporation can reasonably be expected to keep, if they fall under the jurisdiction of any institution greater than themselves (like the US government). We have a lot of anxiety around people finding out our secrets, but only because we expect privacy in a world (or internet) where true privacy doesn't really exist. If you do a thing, and you do it anywhere beyond in your own mind, you have affected reality, you have changed the universe, it is public. As terrifying as that might seem.
5
finnw 1 day ago 0 replies      
> Google knows exactly what sort of porn you all like

If only.

6
Jupe 1 day ago 0 replies      
I just don't get it. Hacker news, just days ago had a posting: "Police admit they're 'stumped' by mystery car thefts", and the collective response was something along the lines of "silly police don't know how to use google."

And now, the "hackers" are in disbelief that the US government is actually reading their emails and listening to their phone calls. NSS!

We got what we wanted here, folks. Information is free - free to be created, free to be read, and free to be copied, stored, decrypted and analyzed by anyone with the means and drive to do so.

I don't know who said it, but "Don't put anything online you wouldn't want to appear above the fold of the Wall Street Journal."

7
dnautics 1 day ago 0 replies      
There are two obvious ways to fight this. First, add a lot of noise. For example, you could change your name to something extremely common. You could broadcast inaccurate data about yourself.

Secondly, whenever you do need privacy, use the social equivalent of a one-time pad. Never execute the same mechanism twice. For example, you could conceivably use a cantenna to access a distant wi-fi spot. You could buy the wireless cards with cash (and walk to the store where you buy it, preferably in a city that you don't frequent - and get there by car with good mileage so that there's limited trace of you being there), and buy a used laptop on craigslist with cash....

While surveillors can be open-minded, to a certain degree access to enhanced tracking technology will also engender a stronger reliance on the streetlight effect - and complete expurgation of the streetlight effect is impossible.

8
jetblackio 1 day ago 2 replies      
I think instead of trying to fight the increased levels of surveillance by both governments and corporations, we need to focus on increasing the levels of transparency. I personally don't really care that governments and other organizations have information about me. There is always an inevitable paper (or electronic) trail associated with using the internet and various services.

But I do care about the fact that the FBI can pull up information about me and I have no knowledge of it. If they collect information to combat terrorism, fine. But the 99.999 percent of innocent people being tracked have a right to be notified (and given a course of action for recourse) when they've been wrongly targeted, for whatever reason.

I know, it's an idealistic dream, but it is more realistic than combating the inevitable surveillance practices that are just now coming to light.

9
splitrocket 1 day ago 0 replies      
Those who would stop this cannot: their whole lives are also part of the surveillance state. Politicians, generals, senators, prime ministers and CEOs all: their dirty laundry and skeletons in the closet that they thought were secret are no longer.

No one of power will fight this because they are afraid of becoming its target.

10
ilaksh 1 day ago 0 replies      
There is no reason to trust large companies with our data. We should move to content oriented networking where data is encrypted by default and we can choose what networks our data goes into and how it is accessed.

We should also use peer based grid/mesh networks as much as possible

11
websitescenes 1 day ago 0 replies      
I am really surprised how people are reacting to surveillance revelations. These practices are obvious and have been in use for as long as I can remember. Did no one really know about widespread government surveillance? You don't have to look very hard to find evidence. Bottom line: this has been happening for a long time. Do you really think that the military released the internet because it made them feel all fuzzy inside? Think about it.
12
matrix9 1 day ago  replies      
You'd better encrypt your private data before uploading to web sites.

Recommend to use some privacy oriented apps/sites spideroaks, securekeep.com

12
U.S. Is Secretly Collecting Records of Verizon Calls nytimes.com
476 points by zt  2 days ago   107 comments top 16
1
joelrunyon 2 days ago 4 replies      
What happened to this being the most transparent administration "committed to creating an unprecedented level of openness"[1]?

http://www.whitehouse.gov/the_press_office/TransparencyandOp...

2
stfu 2 days ago 0 replies      
I, for one, am already looking forward in what ways the Obama administration is going to hunt down the leaker of this document. Because - how should a government function without having a basic level of secrecy? Oh irony...

On the other hand the leak probably came even from the administration itself. After they pretty much got away with intimidating political opponents and spying on unfavorable reporters, why not unload a few other skeletons from the closet.

Worst case scenario Jon Stewart is making a 5 minute skit out of it and with twinkle in his eye moving back to bashing some more convenient subjects.

3
jpdoctor 2 days ago 1 reply      
> highly classified court order

Boy does that sound like a concept which needs to die. Justice does not tend to occur behind closed doors.

4
samstave 2 days ago 3 replies      
The U.S. is openly storing any packet that traverses any wire it can field signal from.

Quantum Tapping:

The loophole is that they are not 'tapping' any communication until the moment when they actually observe/listen to it.

5
uvdiv 2 days ago 0 replies      
Previous discussion (5 hours old, still active):

https://news.ycombinator.com/item?id=5829442

6
AYBABTME 2 days ago 6 replies      
What do people expect? It's either that or open war mongering. This administration doesn't want to be seen as a militaristic one, but the world doesn't stop being what it is because voters get tired of wars. So something has to give. More drones, expanded secret ops, more information gathering.

I don't like the idea of being spied on, not at all. But from a security perspective, I understand the need for better information. I'm kind of playing devil's advocate, but it's naive to expect your government to provide you safety, lifestyle, freedom, without having to play behind the scenes - or openly fight overseas - when the rest of the World lives a completely different story.

7
qwertzlcoatl 2 days ago 2 replies      
The War on Terror is taking more and more victims. Chasing this phantom is getting dangerously close to an Orwellian Paradise.

As Terry Jones said, "How do you wage war on an abstract noun, it's like deciding to bomb murder".

8
Vivtek 2 days ago 4 replies      
Oh, who could possibly have predicted this?

Why is everybody so surprised? I literally do not understand this.

9
JonSkeptic 2 days ago 3 replies      
>The order was marked TOP SECRET//SI//NOFORN, referring to communications-related intelligence information that may not be released to noncitizens. That would make it among the most closely held secrets in the federal government, and its disclosure comes amid a furor over the Obama administration's aggressive tactics in its investigations of leaks.

The author not only wrote the article about this, but also put in the classification of the document source. Salt in the wound. I can't help but feel that such a detail may have been included as a response to recent events regarding members of the news media and their treatment at the hands of the government. It very much seems that the honeymoon is over.

10
Cieplak 2 days ago 0 replies      
If you don't like this, call your representatives in congress, and tell two friends about it.
11
butner 2 days ago 3 replies      
No checks and balances here... at least any that aren't classified and are transparent to the public. A Tyranny, as Thomas Jefferson might refer to it.
12
shmerl 2 days ago 1 reply      
Well, it's not a surprise, but at least now there is solid evidence. What can the public do about it though?
13
salimmadjd 2 days ago 0 replies      
AFAIK, Amdocs processes most of the carriers billing, aka metadata. Many of Amdocs systems are based in Israel. So, does NSA need court ruling to get metadata from an Israeli company? Seems like it might be another convenient way to go around the constitution.
14
Aloha 2 days ago 4 replies      
I've never considered call detail records to be particularly private. That's all this is.
15
forgotAgain 2 days ago 0 replies      
You're not being paranoid if they're really out to get you.
16
bas 2 days ago  replies      
Is this actually "news" (i.e. new information)? Ever since the secret room business in 2006 (about events in 2003 or earlier), the handwriting was on the wall.

http://en.wikipedia.org/wiki/Room_641A

http://www.schneier.com/blog/archives/2006/04/att_assisting_...

13
NSA slides explain the PRISM data-collection program washingtonpost.com
451 points by o0-0o  2 days ago   116 comments top 10
1
danso 2 days ago 4 replies      
(note/edit: I've made an error of conflation between the recently reported massive phone record sweep-up and PRISM, which according to the WP, simply allows analysts to trace (essentially) the totality of someone's online interactions, though not everyone at once. So really, things don't seem that much different than last week when it was well known that the government has discretion to warrantlessly tap us. Still, $20M a year is a pretty good price for a government contract)

Isn't it kind of surprising that the leak for this came from a career intelligence officer and not one of the many tech-utopia idealists who work at these kinds of startups? Not necessarily someone at the executive level, but one of the scores of employees required to assess, review, and implement the alleged backdoor? It's not just a matter of ethics, but just that you'd think someone must be idealistic/reckless enough to leak it from the companies' side

Edit: Also, as has been pointed out elsewhere...this program only cost $20M a year? If that's the price of eternal security, I'd say we got a pretty goddamn good deal. The shitstack that is the government's stimulus contracts database alone cost $18M to build (http://www.propublica.org/article/stimulus-transparency-watc...). And what percentage of a fighter jet's paint job does $20M cover?

I'd say it's possible that the government is unconstitutionally intruding on our privacy but also doing it in a bumbling way (which also has its downsides).

2
wyck 2 days ago 0 replies      
It's no coincidence this is called PRISM.

http://en.wikipedia.org/wiki/Beam_splitter

Some parts of this technology are actual prisms (several patents pop up via google), this might remove all parties legally speaking.

Furthermore these can be installed fairly easily without anyone really knowing, though some physical access is required.

The same technique was used in http://en.wikipedia.org/wiki/Room_641A and pretty much all over every pipe, including the one this data went through to show up on Hacker News.

3
cpeterso 2 days ago 5 replies      
I'm not sure why this is a big surprise to anyone. I'm a cynic, but if anyone asked me whether I think the NSA, CIA, or FBI are eavesdropping on personal communications, I would say, "of course they are." This is nothing new: ECHELON, Clipper/Skipjack, Carnivore, ...
4
cdooh 2 days ago 3 replies      
Two days, two major reveals, wouldn't be surprised if tomorrow I wake up to find out that they've been switching on the microphones and cameras on webcams and cellphones.
5
andyl 1 day ago 0 replies      
Google is dismantling XMPP federation, but if these slides are true then their NSA federation is working better than ever.
6
FireBeyond 2 days ago 1 reply      
Why leave Apple off the list in the title submission?

(Because they deny it? Then better leave Google off the list, too - they deny it as well).

7
rasterizer 2 days ago 3 replies      
For what it's worth, Apple and Google deny it: http://www.cnbc.com/id/100797046
8
adrinavarro 2 days ago 3 replies      
Now. Exactly which data is exposed for each provider?

I'm thinking mostly about Gmail. Because virtually everyone now is using it

The whole content of any communications? Just origin/dest?

This is becoming scary.

9
ericd 2 days ago 1 reply      
I wonder if the NSA and the politicians that enabled this realize the amount of economic damage this could do to the US by promoting the balkanization of the world's telecom networks and spreading mistrust for US tech and telecom companies. This seems very short sighted, if they care about that stuff at all.
10
o0-0o 2 days ago  replies      
14
What We Don't Know About Spying on Citizens: Scarier Than What We Know theatlantic.com
446 points by ssclafani  1 day ago   183 comments top 3
1
ck2 1 day ago 11 replies      
Today I am throwing out the newspaper I was saving from the day after Obama was elected and all the electronic newspaper front pages from around the world I was saving from that day are being deleted from my hard drive. I've lost all pride.

I am utterly disgusted with this administration. Any good he has done is wiped out by being far worse than Bush with the domestic spying and whistleblower prosecutions.

How are we any better than China - because we at least eventually find out? Because people don't get disappeared off the street?

You remember that feeling of incredible relief when we saw Bush finally being flown away in the helicopter on his last day? Well that feeling is going to be deja vu in a couple years.

I just hope the next president doesn't try to do a one-up like Obama did to Bush. Obama's library/museum is going to be even more hypocritical than Bush's.

2
kijin 1 day ago 0 replies      
> The U.S. government is on a secrecy binge ... We need whistle-blowers.

Q: What's the difference between the kind of transparency that Wikileaks et al. tries to promote, and the kind of transparency that Mark Zuckerberg wants Facebook users to adopt?

A: The former asks transparency of powerful entities, helping to check their power. The latter asks transparency of relatively powerless individuals, enabling the modern surveillance state and making individuals even more powerless.

The most important thing that we should keep in mind when we talk about any sort of justice in the context of information is how possession of information alters the balance of power in the world. Because politics, ultimately, boils down to who has how much power over whom. It's not about embarrassment. It's all about the loss of authority that public scrutiny and embarrassment can cause.

"Knowledge is power": knowing something about somebody gives you power over that somebody. This rule of thumb even works when we interact with physical objects (if you know how something works, you have the power to use it to your advantage), and it works just as well when we interact with other people. Asymmetric transparency leads to asymmetric power because they know enough about you to take advantage of you but you don't know enough about them to take advantage of them.

This is why I firmly believe that powerful entities should be required to be several orders of magnitude more transparent, and therefore open to public scrutiny, than the average chump would ever need to be. The only thing that can balance off the asymmetry of power that complex social organization usually entails is an asymmetry of knowledge in the other direction. Example: Who I talked with on the phone last night is none of your fucking business. But if you're in a position of considerable power, every meeting you ever have with every lobbyist in the Universe should be damn well everyone's business. This is not unfair at all. Clinton had no right to get secret blowjobs in my opinion. Nobody should be allowed to have both power and privacy, because the combination is a recipe for tyranny.

3
hooande 1 day ago  replies      
I want to provide some perspective here, at the risk of being downvoted.

To compare what the US government is doing to a truly oppressive regime is insulting. People in the world today live in fear of physical harm from their own government. They aren't worried about phone call meta data or blanket call logging. They're worried about being taken by force with no trial, no ACLU or EFF to help them. Just gone.

Ai Weiwei served months in jail for art projects that were critical of the government. Can anyone imagine that happening here, in the country where flag burning is constitutionally protected? There are dozens of countries in the world today that have a near 100% conviction rate for political dissidents. Here in America confessed terrorists have the right to an attorney and god help the prosecution if there was any missed technicality during the arrest.

Don't dare be a girl trying to go to school in many Middle Eastern countries. Might get run over by a tank if you openly oppose the Chinese government. Offend the king of Saud with your actions and you'll be literally stoned to death in the street. And we're worried about phone call meta data?

I think a lot of this is ignorance about how modern counter terrorism works. The most effective tool we have is social network analysis. Find a terrorist and see who calls them, then see who calls those people and out and out. Look at the vertices and edges and dependency networks and we can learn a lot about complex organizations without risking any lives. It's understood that this is offensive to many people's privacy beliefs, but it's the best tool we have.

If you want to know why government agencies are engaging in this wildly unpopular behavior, here's the answer: On 9/11 a lot of people swore to god that it would never happen again. That might sound like a joke to people who never held up their hand and vowed to protect and defend. People give their fucking lives to stop threats that you'll never know about. Question their methods all you want, they aren't going to listen.

Also: Save the slippery slope nonsense. There is a 0% chance of the US government becoming an oppressive regime, surveillance or not. Those things just don't happen in times of peace and prosperity. No country has ever gone from being an advanced democracy to being a tyrannical regime. Obama can't even pass a law without 37 votes to repeal.

15
President Obama's Dragnet nytimes.com
438 points by forgotAgain  2 days ago   138 comments top 9
1
mtoddh 2 days ago 6 replies      
From the article:

"The defense of this practice offered by Senator Dianne Feinstein of California, who as chairman of the Senate Intelligence Committee is supposed to be preventing this sort of overreaching, was absurd. She said today that the authorities need this information in case someone might become a terrorist in the future."

That second sentence is the one that really caught my eye:

She said today that the authorities need this information in case someone might become a terrorist in the future.

Wow. Just wow.

2
jurassic 2 days ago 1 reply      
> The administration has now lost all credibility on this issue.

Yes. Fuck you Mr. Obama, Mr. Bush, and everyone who ever voted for the PATRIOT Act. Failed promises on Gitmo, mideast conflicts, drone murders, and civil liberties/domestic spying. I hope they impeach him for failing to uphold the Constitution.

I'm cynical, so I suspected this was probably happening all along. But my anger over this is still white hot. Our whole government is broken when leaders of both major parties blatantly lie and conspire to undermine our Constitution.

3
pvnick 2 days ago 3 replies      
Said Jim Sensenbrenner, who introduced the Patriot Act:

"As the author of the Patriot Act, I am extremely troubled by the F.B.I.'s interpretation of this legislation," he said in a statement. "While I believe the Patriot Act appropriately balanced national security concerns and civil rights, I have always worried about potential abuses." He added: "Seizing phone records of millions of innocent people is excessive and un-American."

4
pessimizer 2 days ago 2 replies      
Aren't you suddenly getting terrified about what the dossier created by data mining every phone call, every email, every article on every website you read, every comment you've ever left, every book you ever bought, every library book that you ever took out, the magazines that you subscribe to, every cent you've ever spent by card and where it was spent, every place you've ever lived, every place where you worked, every place you ever made a phone call from, every classmate you've ever had, how much electricity you use, and the same things about all of your probable friends - w/different data sources starting 7-15 years ago?

Are you even more terrified of the executive summary? Is it just me?

5
emin_gun_sirer 2 days ago 3 replies      
This article would have been stronger if it had contained a bit of introspection. Why did it require a UK paper to uncover this operation?
6
mtgx 2 days ago 1 reply      
It should be mentioned that it was written by the Editorial Board of NYT.
7
yk 1 day ago 1 reply      
I did grow up in West Germany during the 80ies, and at that time I was told that we were on the right side of the wall, because our government does not kill people, does not torture people and does not spy on its own population. Sometimes I wonder who won the cold war.
8
vijayboyapati 2 days ago 3 replies      
Question: At what point does the average statist admit that the libertarians (s)he has been belittling for so many years as tin-foil hat crackpots were far more savvy about the nature of the state than they were?

Answer: never

9
sneak 2 days ago  replies      
Keep paying US taxes and voting. That should work.

(But seriously. It's time. Pack your belongings and leave. Vote with your tax dollars, please.)

16
Wi-Fi signals enable gesture recognition throughout entire home washington.edu
417 points by risent  3 days ago   77 comments top 24
1
networked 3 days ago 5 replies      
>A standard Wi-Fi router could be adapted to function as a receiver.

The article and the embedded video do not make it entirely clear but if this technology could be deployed in existing Wi-Fi routers with relative ease [1] then it could have far-going implications for both privacy and the physical security of anywhere where there's Wi-Fi. Once it's easy enough to deploy on a hacked device that a hired script kiddie can do it even simple burglars could take an interest in residential routers to know when nobody's home.

I wonder if this will affect the market for embedded Linux security consulting in a major way.

[1] I.e., without modifying the hardware and with no need for manual calibration.

2
JonnieCache 3 days ago 0 replies      
Look out for lots of <img/> tags pointing to http://192.168.1.100/epic_firmware_fail.cgi?sploit=PAYLOAD!
3
ChuckMcM 3 days ago 1 reply      
Ok DD-WRT folks, get to it :-) More seriously though, this is a pretty cool thing, using your motion which is blocking wireless signals to detect motion. In hindsight it's kind of obvious since people are 'giant waterbags of attenuation' as my RF buddy calls them. This also means you can probably add something of a burglar alarm/motion sensor system to these things, and if you were careful you might be able to see the movement of people inside a house by looking at the WiFi signal leaving the house. Certainly if you're carrying around an active phone/tablet that would be trivial to do from outside (and by trivial I mean you would have lots of signal to work with and the math would be straightforward, not that it would be simple).
4
niels_olson 3 days ago 0 replies      
> Neighbor: Why do you always wave your hands around?

> Me: It's the preamble to the spell where I invoke the deamons

> Neighbor: Why the stick?

> Me: Improves gain

5
kingkawn 3 days ago 0 replies      
This sounds a lot like the mobile phone sonar that Batman used in the Dark Knight which seemed utterly ridiculous to me and many others at the time:

http://sfblunders.wordpress.com/2008/08/07/dark-knight-sonar...

6
rvasa 3 days ago 2 replies      
Oh the possibilities of this - maybe with enough data

- you can just wander around a suburb and figure out which houses are currently occupied and which ones are not.
- improve aged care by monitoring walking patterns
- combine it with some more ingenious technology for localised sound -- you can beam music as I walk around the house (or block out sounds)?
- a bit more sensitivity and we can even probably pick up a person while they are having or just about to have a heart attack?

I am sure the privacy folk out there are having multiple heart palpitations.

All I want to say is "bring it on"

7
OldSchool 3 days ago 0 replies      
I've often wondered to what extent existing RF noise as "illumination" could be leveraged to effect some kind of passively acquired representation of objects. Resolution would of course be limited by wavelength but improved if the antenna array was physically moving in a describable manner. We had useful SAR during the cold war and orders of magnitude more compute power today. If you know of more efforts along these lines from hacker to research level, please post a link.
8
chopsueyar 3 days ago 4 replies      
Can this differentiate between multiple humans gesturing at the same time (intentional or otherwise)?

What about pets moving around or turning the shower on?

9
cheald 3 days ago 0 replies      
Honestly, the most exciting aspect of this would be in being able to just have a passive scanning system that can identify where in the house my kids are.
10
est 3 days ago 2 replies      
So this was basically an S-band radar with a home wifi router? Can we make a mosquito zapper laser with it?
11
joshdance 3 days ago 1 reply      
Love this idea. However 94% accuracy is not good enough. You need to be able to trust your action will lead to the desired result. 94% is like Siri getting your whole text message right, but getting the recipient wrong.
12
pavel_lishin 3 days ago 0 replies      
This strongly reminds me of A Deepness in the Sky, albeit the implementation is different and the resolution is probably nowhere near the fictional stuff.
13
waster 3 days ago 0 replies      
Great; so next time I sneeze, I'll accidentally turn on the garbage disposal?

Seriously, though, it reminds me of the "house of the future" from one of those ubiquitous films they showed us in elementary school way back in the day.

14
pointernil 3 days ago 1 reply      
Just wondering, do standard wi-fi chipsets provide the raw signals needed to implement things depending on spectrum-analysis like this? Some super-raw mode? How about Bluetooth chips? Sound chips (for supersonic)?
15
cdooh 3 days ago 0 replies      
This is so cool!! I wonder how far off it is to commercial deployment and what licensing plans they may have.
16
protolif 3 days ago 1 reply      
This may not be something we want.
17
mathiasben 3 days ago 0 replies      
Could be useful in prisons to keep tabs on the general population without having to use cameras.
18
fbeeper 3 days ago 1 reply      
I'm nowhere near being techno-apocalyptic, but I just thought that from a "1984" point of view it could be a tool to monitor activities without any permission at all.
19
Yuioup 3 days ago 0 replies      
Bye bye Kinect. Guess we won't be needing you now.
20
znt 3 days ago 2 replies      
If used right, this would disrupt home security industry so hard. It would be possible to get rid of any motion detectors, if I am not mistaken.
21
bakztfuture 3 days ago 0 replies      
How would you get started with this technology or stay updated with this project? I'm keen on its prospects.
22
aren55555 3 days ago 0 replies      
They are tracking all our movements via Wi-Fi
23
alphanumeric0 3 days ago 0 replies      
Damn, I posted this on hacker news before you.
24
trendspotter 3 days ago 1 reply      
17
Stellar Wind (code name) wikipedia.org
393 points by bascule  2 days ago   167 comments top 6
1
JPKab 2 days ago 7 replies      
My brother worked for years in the intelligence community. One of the common stereotypes within the IC regards the fact that Mormons are heavily overrepresented, for various reasons that involve foreign language skills from mission trips, a reputation for respecting authority, abstinence from drugs/alcohol, family connections, ease of gaining security clearances, etc. The stereotype in the IC regarding Mormons is they never "question." The dozens of friends I have that work in the IC say that the stereotype is accurate.

Source: http://www.businessinsider.com/11-surprising-things-you-didn...

"The apparent incorruptibility of Mormons' moral righteousness make them ideal candidates for the nation's law enforcement and intelligence agencies.

Mormons are disproportionately represented in the CIA. A recruiter told the Salt Lake Tribune that returned Mormon missionaries are valued for their foreign language skills, abstinence from drugs and alcohol, and respect for authority."

I wonder if this has bearings on constructing the new data center in Utah?

2
brown9-2 2 days ago 3 replies      
It's useful when discussing this topic to break the word "spy" down into more discrete terms to understand exactly what we are discussing.

I found this article to be useful in differentiating the various terms:

On its face, the document suggests that the U.S. government regularly collects and stores all domestic telephone records. I use the caveat because there are several ways to interpret it, assuming it is real. (It looks real.)

A few definitions: to "collect" means to gather and store; to "analyze" means that a computer or human actually does something with the records; to "intercept" means that a computer or human actually listens to or records calls.

...The NSA, under the FISA Amendments Act, is able to analyze metadata, like incoming and outgoing call records, so long as the Attorney General certifies that a particular set of information is useful for reasons of national security. Then, the NSA asks the Foreign Intelligence Surveillance Court to order that a company comply. As that bill was being ironed out, this step was requested by private companies because they wanted protection from lawsuits in case innocents or millions of innocents found that the NSA had gathered their call information.

My own understanding is that the NSA routinely collects millions of domestic-to-domestic phone records. It does not do anything with them unless there is a need to search through them for lawful purposes. That is, an analyst at the NSA cannot legally simply perform random searches through the stored data. He or she needs to have a reason, usually some intelligence tip. That would allow him or her to segregate the part of the data that's necessary to analyze, and proceed from there.

In a way, it makes sense for the NSA to collect all telephone records because it can't know in advance what sections or slices it might need in the future. It does not follow that simply because the NSA collects data that it is legal for the NSA to use the data for foreign intelligence or counter-terrorism analysis.

http://theweek.com/article/index/245228/the-fbi-collects-all...

This is written specifically about the telephone call metadata, but being able to differentiate exactly what is collected about Internet traffic would also aid this discussion. Unfortunately this would only be possible if the government was more transparent about what is being collected.

3
TallGuyShort 2 days ago 0 replies      
>> "According to Mueller, approximately 99 percent of the cases led nowhere, but "it's that other 1% that we've got to be concerned about""

No, it's the 99% of cases that were completely unwarranted in the first place that we've actually got to be concerned about.

4
WestCoastJustin 2 days ago 1 reply      
There is an interesting talk on YouTube [1] by William Binney (a former U.S. intelligence official turned whistleblower) [2], where he talks about the tech behind ThinThread [3]. He describes how ThinThread uses Latent semantic indexing [4] to pull together all this metadata into a type of fingerprint. There are various reports (see Google) that Stellar Wind was based on a component of the ThinThread capability or that Stellar Wind was an offshoot of ThinThread.

[1] https://www.youtube.com/watch?v=dxnp2Sz59p8

[2] http://en.wikipedia.org/wiki/William_Binney_%28U.S._intellig...

[3] http://en.wikipedia.org/wiki/ThinThread

[4] http://en.wikipedia.org/wiki/Latent_semantic_indexing

5
kunai 2 days ago 6 replies      
What is truly a scary thought is if the vast, mindless mass of people easily swayed by consumerism, advertisement and buzz, talk about this for about two weeks and then forget the whole thing, screaming "We have NOTHING to hide!" as a logically flawed and incredibly poor excuse.

The entire premise that democracy would work is flawed. Take Turkey. A ravaged, torn, depressed state, brought back to life by a fucking dictator, Kemal Ataturk. And now? Riots and revolution are taking place on the streets of Istanbul.

I'm not saying dictatorship is the best idea, but a good, conservatively Green or Green Libertarian government is the only path to resolution. But since the United States mass public is uneducated and apathetic (unlike how it used to be 300 years ago, and also markedly unlike quite a few in Europe who actually give a fuck about their rights), don't expect it to happen any time soon.

And for those who think this is elitism:

  We are not now that strength which in old days
  Moved earth and heaven, that which we are, we are,
  One equal temper of heroic hearts,
  Made weak by time and fate, but strong in will
  To strive, to seek, to find, and not to yield.
   - Tennyson

6
voxmatt 2 days ago  replies      
I'm glad someone posted this. My immediate thought after reading the breaking news about the massive phone surveillance was, "wait, did people not think this was happening?" I'm really not a conspiracy nut, but that Wired article and the NYTimes reporting made it pretty clear that the Gov't is pretty much collecting everything they can get their hands on.

Glad to finally see some outrage though.

Legitimate question: what's new about what is breaking in the news right now? Merely confirmation that the NSA is conducting indiscriminate phone-taps?

18
Buttons with built-in loading indicators hakim.se
391 points by Spiritus  3 days ago   60 comments top 25
1
ultimatedelman 3 days ago 2 replies      
This is very pretty, but there's no need for a larger, separate JS file. All of this can be handled with CSS and a simple JS command that adds/removes a CSS class on click.

Quick demo: http://codepen.io/ultimatedelman/pen/klDHy

Since you wouldn't obviously use all the effects in this article, just pick the one you would use and have the .loading class effect the correct change.

UPDATE: now with fewer elements. Only HTML element needed to achieve this effect is the button itself :)

2
scythe 3 days ago 0 replies      
Hm, I was going to say it is slightly messed up in Opera -- the boxes don't move like they should -- but I guess it's not going to matter in the very near future. :(
3
lamby 3 days ago 5 replies      
It's not known very well, but Bootstrap has similar functionality, albeit not as pretty:

http://twitter.github.io/bootstrap/javascript.html#buttons

4
yvoschaap2 3 days ago 3 replies      
Hakim has more amazing experiments on his site (incl. Sinuous) worth checking out: http://lab.hakim.se.
5
Filligree 3 days ago 0 replies      
Nifty. I don't know how we missed the possibility - this looks really nice.

Oh, and thank you for adding a license. So often I see neat hacks posted, without any license at all...

6
emehrkay 3 days ago 1 reply      
What impresses me the most is the JS. It is so clean, concise, and, the only other word that I can think of, professional. It puts the onus of capability on the browser and doesn't try to make up for those who lack. Sure you can shim addEventListener or setAttribute, but F IE (really), it has been adding complexity for far too long.
7
mullr 3 days ago 0 replies      
This is quite nice. All of the animations would be made better by removing the bounce at the end; it's a jarring way to end something that's otherwise very smooth.
8
comex 3 days ago 1 reply      
It's worth a note that these buttons are very laggy in MobileSafari, except for zoom-in and zoom-out, which use -webkit-transform and thus have hardware accelerated animation. While slide-* could be changed to use -webkit-transform, I'm somewhat surprised that the performance of the others is so bad, and I wonder if there's some not-completely-awful trick that would improve expand-*.
9
SeoxyS 3 days ago 0 replies      
A few years ago I built a button for an iPhone app that turned into a progress bar while loading:

Here's a CSS version of it (with image assets).

http://codepen.io/kballenegger/pen/uJGCF

10
jurre 3 days ago 0 replies      
I actually did a similar thing for iOS, I'll try to extract it from that project and open source it when I find time :)
11
Achshar 3 days ago 0 replies      
That looks cool. But in most of my projects, I use a "frame" structure. After submitting something, the frame changes to either left or right, completely moving the submit button out of sight. So while this is very cool, it doesn't work for popups and frame like designs which are supposed to "move" immediately and process ajax requests in background to give an illusion of speed.
12
ericjust 3 days ago 1 reply      
We did something similar on one of our office hack days.

http://waitable.adstruc.com/

https://github.com/ADstruc/waitable

We built a generic jQuery plugin which binds to jQuery promises, taking care of the waiting state and double-submit issues while firing off Ajax requests.

13
pbobak 3 days ago 0 replies      
Nice! Although the loading gif looks a bit dodgy on retina screen. I'd suggest playing with CSS and making that loading bit a pure css shape.
14
simonbarker87 3 days ago 0 replies      
I saw this and just thought, "why isn't this the way we do buttons and loading" nice
15
mrtbld 3 days ago 1 reply      
On Firefox, a dotted line appears around the button's text when it has focus (after click for instance). IMO, it ruins the nice clear style of the buttons.

You can remove it with the non-standard `button::-moz-focus-inner{border:0}`. Then you could define some style for `button:focus{...}` to help keyboard navigation.

16
shaydoc 3 days ago 1 reply      
This is also a nice solution

http://fgnass.github.io/spin.js/

17
jumblesale 3 days ago 2 replies      
This is really cool! The only thing that makes it a little ugly for me is that when I click on it, my browser puts an ugly grey box around the text like I'm selecting it. Could this be solved by immediately changing the focus of the input?
18
dspillett 3 days ago 2 replies      
Nice. I like the in-place-with-overlay option particularly, though I can still interact with the other buttons while the overlay is in place which I was not expecting.
19
k__ 3 days ago 0 replies      
I like the slid.es examples. Are there some JavaScript based slides, which work on a server so that one user can navigate to new slides and the other users see the change in their browser?
20
Aardwolf 3 days ago 0 replies      
The slide right seems broken.
21
suyash 3 days ago 1 reply      
Interesting use case, but not practical enough. All the times when you need to show a loading indicator do not occur after clicking on a button, loading indicator needs to come up when any amount of delay is anticipated. It can show up after clicking a link, image etc etc whereas this example implies as if loading indicator is only needed when a button is clicked.
22
ozh 3 days ago 1 reply      
very neat, and incidentally made me discover slid.es, what an extremely well made app that is.
23
braum 3 days ago 0 replies      
this is great, thanks for sharing!
24
Leszek 3 days ago 1 reply      
Something like this, but with a progress bar instead of a generic loading thing, would also be very nice.
25
adityar 3 days ago 0 replies      
very cool. progress bars next?
19
Mark Zuckerberg addresses PRISM facebook.com
380 points by cbrsch  1 day ago   276 comments top
1
dkulchenko 1 day ago  replies      
Look at the two writeups (Zuckerberg's and Page's) side by side. Each has 4 paragraphs. Each of the pairs of paragraphs addresses the same thing.

1st paragraph: we wanted to respond to these claims. 2nd paragraph: never heard of PRISM, don't give direct access. 3rd paragraph: each request goes through legal channels. 4th paragraph: encourage governments to be more transparent.

Terrifying.

EDIT: It gets worse. Here's Apple: "We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."

Here's Paltalk: "We have not heard of PRISM. Paltalk exercises extreme care to protect and secure users' data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers."

Here's AOL: "We do not have any knowledge of the PRISM program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers."

And here's Yahoo: "We do not provide the government with direct access to our servers, systems, or network."

Microsoft refused to issue a direct denial of involvement in PRISM.

20
Exhibit A the child pornographer abarristerswife.wordpress.com
368 points by q_revert  3 days ago   376 comments top
1
speeder 3 days ago  replies      
I never understood why all the paranoia with pedo...

I mean, I can see why it is a bad thing, but I saw even some really silly stuff, like a Muslim friend that I know, being resolute that anyone having sex with a minor is evil and must be punished immediately.

Then I pointed that their prophet had a 9 year old wife (that by the way this girl also wrote good part of their holy book) and then she said that this does not count...

Why?

You know, my grandmother married when she was 14, and she is still married with the same guy, they make a great couple (last time I saw them, it looked like a typical teen couple, with my grandma JUMPING into my grandpa and hugging him like if it was a japanese anime or something, it kinda startled me to see old people do that, but then, why not?), and I have a hard time believing that a 14 year old girl is so dumb to the point of needing heavy-handed state protection in deciding her relationships.

Likewise I can say that I am a perverted evil man too... I started seeing porn when I was 14, and I found out girls of roughly the same age attractive, not some random aunt... Probably the hard-drives with that porn are still somewhere on my electronic quasi-junk stash... What happens if someone fiddles with my junk and finds them? According to our current law I will be arrested for possession of child porn, even if I got it when I was a child myself...

Kinda child...

At least, Brazil only buckled to US pressure regarding the porn laws (That I think are absurd and silly, you should prosecute those caught in the tape abusing the kids, and maybe use the fact they filmed it as a aggravating factor, prosecuting random people for having any kind of porn or media is really stupid), the child sex laws make more sense... (here people above 14 can have sex, not 18 or 21... and if you think the law is wrong about that, then tell me how you will punish half of the 14 year old people in your area)

21
NSA Chief Denies Domestic Spying Story (2012) forbes.com
353 points by mitchelllc  2 days ago   55 comments top 13
1
brown9-2 2 days ago 12 replies      
Yes. Does the NSA routinely intercept American citizens' emails?

No.

Does the NSA intercept Americans' cell phone conversations?

No.

It's worth noting that "intercept" has a very specific meaning here, which neither the Congressman asking the question nor the reporter may have realized.

From http://theweek.com/article/index/245228/the-fbi-collects-all...

A few definitions: to "collect" means to gather and store; to "analyze" means that a computer or human actually does something with the records; to "intercept" means that a computer or human actually listens to or records calls.

So it is possible that the NSA routinely collects telephone and/or email metadata and that the NSA does not routinely "intercept" citizens' email or cell-phone conversations (depending upon the meaning of "routinely" used), and that an answer of "No" to the latter is not a lie.

This article by the same author has more information on the program's specifics (http://theweek.com/article/index/245285/how-the-nsa-uses-you...), as his sources have told him:

The NSA would insist that it does not actually "spy" on you until it gets a further order, if at all. In most all circumstances, the FBI, not the NSA, would actually listen to your conversations if a FISA order was acquired. So merely "collecting" the data is like receiving a box full of records but not opening it until and unless they had a good reason to do so.

That metaphor is not terribly comforting, but it does appear to be the government's justification for insisting that they don't actually, actively "spy" on you. It is true: If they only compile these transactional records and don't do anything with them, and they faithfully honor this distinction, then the scale of the actual surveillance is not necessarily harmful, although it feels heavy. That's a big if. It depends on whether you believe the NSA follows the rules.

2
navyrain 2 days ago 3 replies      
It seems pretty clear that the NSA engages in bulk collection of databases which _might_ someday contain something interesting, and only considers it "interception" when they query their own DBs.

These creative redefinitions of seemingly benign terms are at the root of the problem.

3
DrewHintz 2 days ago 0 replies      
In March 2013, the Director of National Intelligence specifically told Senator Ron Wyden that the NSA does not wittingly collect any type of data on millions of Americans: http://www.youtube.com/watch?v=QwiUVUJmGjs&feature=youtu...
4
rosser 2 days ago 1 reply      
I wish I were only snarking when I wonder whether there's a double-top-secret exemption to the laws about perjuring one's self before Congress, which is, itself, secret. It just wouldn't do to have the laws that allow people to lie to Congress about secret stuff be public knowledge, after all...
5
mtgx 2 days ago 2 replies      
This is from last year. It shows that he was lying the whole time. Hopefully there are serious consequences for that.
6
lsiebert 2 days ago 1 reply      
He was asked about the interception of the email content, but most of the information we have suggests that the NSA is receiving information about email and phone metadata.

Also the questions focus on what the NSA is intercepting, not what they are being given/demanding under an NSL.

Also it's unclear what processing by computers may be done of such material. If you have a computer doing threat assessment of all emails, but the NSA employees only get the assessment results, not the text, they could arguably state what they are saying.

Wrong questions. Someone should clue Congress in to the right questions.

7
dnm 2 days ago 0 replies      
I'm not sure I understand how this relates to the Guardian article. My understanding of that is that there's an NSL ordering Verizon to give electronic records of the calls to the NSA. The NSA isn't collecting, intercepting or monitoring anything. They're being handed the data by VZ. What's the relevance?
8
godgod 2 days ago 1 reply      
In other words, your government lies to you.
9
coldcode 2 days ago 0 replies      
Sir your pants are on fire.
10
MrQuincle 2 days ago 0 replies      
So, if I understand correctly, the "challenge" for the NSA is to route everything through routers in a foreign country. There the NSA is allowed to do whatever it wants.
11
scrabble 1 day ago 0 replies      
Does anyone trust an organization that has been spying on them to tell them the truth afterwards?
12
mimiflynn 2 days ago 0 replies      
Should we add the story date to this title? 3/20/2012
13
VoiceofKtulu 2 days ago 1 reply      
This article is a year old, guys.
22
Google tried to resist FBI requests for data, but the FBI took it anyway venturebeat.com
331 points by cwilson  2 days ago   81 comments top 17
1
mtgx 1 day ago 2 replies      
300,000 NSL's? Is that really how many terrorist plots they've foiled or even suspected? Because I'm very skeptical about that.

The fact that the government can put a gag order 300,000 times on companies and people like this is insane. Forget about "future abuses". It has already happened and keeps happening. It's pretty clear the government is very loosely using these NSL's now. Where are the checks and balances?

2
jordanthoms 1 day ago 2 replies      
So what happens if you tell them to go away anyway? They take you to court? Raid your datacenter? Good luck getting public support for that. Seems the problem with these secret orders is, you can't actually _enforce_ them without making them public, you can just make threatening gestures.

I'm disappointed no tech company has decided to play hardball on this...

3
EGreg 1 day ago 2 replies      
Let me get this straight, when you receive an NSL from the FBI (executive branch) then you are not allowed by law to contest it in court (because of the gag order) without fearing repercussions for violating the gag order by revealing the NSL to the executive branch? Where are the checks and balances??
4
andyl 2 days ago 9 replies      
If you don't want Google giving your data to the FBI, then don't use google. Oh - wait - Google is gonna get your data no matter what. Google Analytics.
5
kiba 2 days ago 1 reply      
Even if we could trust google to fight for our interest, we may not be able to trust our governments to do the right thing.
6
AddisonRyan 1 day ago 8 replies      
Are people actually upset with Google and the other tech companies over all of this? It seems they were legally compelled to do it. Be furious at Washington, not Silicon Valley.
7
mrschwabe 2 days ago 0 replies      
Oh OK Google "tries" to resist FBI requests, but how about requests from the NSA? Top secret:

http://www.pcworld.com/article/217550/google_watchdog_white_...

8
dschiptsov 2 days ago 1 reply      
Companies like Google, FB, Twitter, even Amazon and Opera are intentionally built to collect, mine and analyze, then sell (or profit from) their users' data. This is just a standard way of making money - collect a huge dataset of user-generated data and then monetize it.

No wonder that authorities will use the data, because, well, it is just business as usual.

9
rpgmaker 2 days ago 1 reply      
Misleading headline. Google fought that one time but it's been years since they've been part of PRISM.
10
malandrew 1 day ago 0 replies      
Could they just partition user data so that data on citizens of country X is located in country Y and therefore outside the jurisdiction of country X?

When you sign up, they could make this an option. "Do you prefer faster access to your data or have your data located in a specific jurisdiction?"

11
pcx66 1 day ago 1 reply      
I can't help but wonder how such a system can be practically implemented. I cannot imagine that engineers at companies like Google, Apple, MS etc, the ones working on stuff like Gmail, YouTube, iOS, would co-operate with such unethical practices.

But it has been proved again and again that authority trumps conscience.

12
neaanopri 1 day ago 0 replies      
I'm surprised google didn't go public with all of this information. They have more legitimacy and support than the government at this point, and I think that if push came to shove, google would just refuse and call the NSA's bluff.
13
grandalf 1 day ago 0 replies      
Someone high up at Google could have risked jail time if the issue mattered. None did. That says it all.
14
Tosh108 1 day ago 1 reply      
How does this affect foreign users of these services? I mean I'm pretty sure that they haven't restricted their data collection to US citizens. Is there international law about this?
15
Quarrelsome 1 day ago 0 replies      
Wait.... if I use Google Analytics on a site this implies that the IPs of every visitor to the site are available to the NSA? Correct?
16
_progger_ 1 day ago 0 replies      
Probably not as easy as resisting paying proper taxes...
17
chrisgd 1 day ago 0 replies      
Says google
23
Thousands dead, millions deprived of civil liberties? (2001) stallman.org
322 points by k2enemy  1 day ago   116 comments top 7
1
cs702 1 day ago 4 replies      
As usual, Stallman was not only ahead of his time, but also swimming against the tide of conventional wisdom, immediately after the attacks of 9/11. While nearly everyone else was focused on more mundane concerns of immediate importance, he was worried and tried to warn us about long-term, higher-order, societal consequences. (He's always doing that -- worrying about long-term, higher-order consequences -- so his warnings and antics strike more practical people as being 'out of touch with reality.')

Like him or not, Richard Stallman is already a major historical figure, because his impact on society (via GNU, the FSF, various manifestos, and activism) will be felt for a very long time. Much of what he has said/written in the past has gained stature with the passing of time.

--

Edit: added last sentence.

2
kunai 1 day ago 6 replies      
This is why I get very angry whenever somebody calls Stallman a nut. He's not a nut. He's a visionary; albeit a very pessimistic and dystopian one. Call him crazy now, but in 2023 you'll look back at what he said now, and you'll see how it's all right and wish you'd done something. Anything.

But no. Free software is not business-oriented. He's a nut because of his privacy advocation; he must have something to hide. Let's just ignore him, and start startups and get everyone to accept our vendor lock-in and remain blissfully unaware how we're harming everyone.

3
ChrisNorstrom 1 day ago 0 replies      
I have to bring this up.

I'll never forget growing up on reddit and digg during the Bush Era. People were talking about this stuff all the time, calling Bush Hitler and the Patriot Act evil, Gitmo unconstitutional, and raising awareness of the uncivilized wild-west Republican and Conservative Parties. I mean Redditors honestly thought the USA was coming to an end. Then after Bush left and Democrat Obama got in things continued to get worse. Attacks on privacy and constitutional rights, drones, surveillance increased yet the backlash isn't there. Think of all the terrible things you read about Bush, now come to the realization that Obama is continuing this behavior yet people (Democrats in particular) aren't complaining. Because their party is in power.

That was the moment I realized the worst thing about America was the 2 party system. Each party is oblivious to its own flaws, blames the other party for everything. It's called "Ingroup Bias" http://www.alleydog.com/glossary/definition.php?term=Ingroup... This same "Ingroup Bias" is what's preventing Americans from standing up against their party when they introduce invasive legislature AND preventing members of both the Republican and Democratic parties from standing up against their party's own extreme views on national security.

=== My Point ===

If either party puts a stop to the extreme surveillance and a terrorist attack happens, that party will forever be blamed by the other and will lose elections for quite some time.

4
methehack 1 day ago 1 reply      
I had the same thought at about the same time. I think a lot of people saw this coming. Uber-surveillance has been an old standby for dystopian popular entertainment for a good while. It's almost like NSA spooks have been consulting to Hollywood to make a little coin on the side.

What I admire more than Stallman-the-visionary is Stallman-the-idealist. The guy speaks his mind even when it's really difficult. Further, he appears to live in accordance with his thinking as best he can even though it's pretty inconvenient. These are both really very difficult to do consistently over the long haul.

At the time Stallman wrote this, it was a very unpopular thing to say. He was not just considered a crackpot but drink-in-the-face-at-parties unpatriotic.

For better or worse, I'm more of a pragmatist. I often experience the idealist as a pain in the ass and standing in the way of 'getting things done'. It's good for me to be reminded that the idealists must be listened to carefully. It might just be that I'm trying to get the wrong things done and I should slow down and listen.

5
fennecfoxen 1 day ago 1 reply      
I'm just going to quietly leave this quote here.

"Unfortunately, you've grown up hearing voices that incessantly warn of government as nothing more than some separate, sinister entity that's at the root of all our problems. They'll warn that tyranny is always lurking just around the corner. You should reject these voices."

(The Ohio State University commencement address)

6
winter_blue 1 day ago 2 replies      
Wow, Stallman sure has a way of predicting the future. This isn't the first time he's predicted the future with such accuracy -- remember the story that he wrote about a dystopian world far away in the future where books were under DRM? It's so funny that story came true so much earlier than expected.
7
flexie 1 day ago  replies      
I think the apparatus available to today's government for spying on its citizens would make a 1980s KGB or Stasi agent blush.
24
NSA Monitoring Includes Three Major Phone Companies, ISPs, Credit Card Providers wsj.com
303 points by rasterizer  2 days ago   9 comments top 3
1
danso 2 days ago 4 replies      
> "Everyone should just calm down and understand this isn't anything that is brand new,'' said Senate Majority Leader Harry Reid (D., Nev.), who added that the phone-data program has "worked to prevent'' terrorist attacks.

Politicians are so bad at making reassuring statements in cases like these that I wonder why they even try?

Also, I wonder if someone at the agency/intelligence committees would kindly point out what this great data net was doing when two young and very Internet-active men decided to blow up the Boston Marathon and were only caught through (video at the scene) surveillance tapes?

2
suredo 2 days ago 0 replies      
Obama's administration said that this isn't anything brand new and that we should not worry about it, but he also said that he would not sign extensions of the PATRIOT act either.. which allowed a lot of this...
3
venkasub 2 days ago 0 replies      
And if this were to happen in a developing or an under-developed country, it would just die a silent death...The way it happened/happening in India.
25
Burner Phone burnerphone.us
299 points by rubyrescue  1 day ago   222 comments top 3
1
rdegges 1 day ago 19 replies      
Hey all, I'm one of the creators of BurnerPhone, and just wanted to leave a comment with a few facts about the product.

We weren't really planning on launching this thing so quickly (we planned on making improvements to the site, etc. and launching in the next couple of weeks) -- but since all the press about the NSA / phone stuff came out it seemed like a good time to put our MVP online.

Anyhow, we're basically trying to provide our users with a secure-as-possible communication device that allows them to remain as anonymous as possible. Yes -- the government can definitely collect call data and SMS data, but by using different devices and SIM cards (phone numbers) you can abstract away all but the most difficult to track details: your voice, your writing style (sms messages).

Using a BurnerPhone allows you to make phone calls and send SMS messages that won't be linked back to you by your telco billing records.

In regards to how we work:

- These phones come with unlimited talk and text for 30 days, nationwide coverage.

- We piggyback off of tons of US carriers, so depending on where you're located, you'll be connected to a different cellular network.

- You can recycle these phones (we have a lot of plans with this in the future).

I'd love to get some feedback from you guys, really respect HN and your opinions.

2
rscale 1 day ago 2 replies      
If anybody needs true, total anonymity it's worth reading this paper before buying any cell phone: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3607247/pdf/srep...

The paper shows that 95% of cell phone subscribers are personally identifiable from VERY little spatio-temporal information.

Another issue is that an upstream vendor could easily provide the government with the phone IMEIs and SIM IMSIs that they supply to BurnerPhone, without disclosing this to BurnerPhone. This would create a pool of phones that are self-identified as high-value surveillance targets.

If I was in charge of identifying miscreants for a nasty regime, I'd also watch for SIM card changes (an IMEI whose IMSI changes on a regular basis), and I'd especially look for cliques of handsets that showed the same SIM-changing behavior. As such, I can't help but wonder if swapping SIM cards might generate unwanted attention.

3
nikcub 1 day ago  replies      
Why doesn't someone just build a Tor hidden service that is an interface to the Twilio (or similar) API? Sign up with Bitcoin, get a phone number and then send/receive SMS and send/receive calls using DAP/getUserMedia (html5 mic + audio) in a web browser.

Using a physical cell phone still leaves a trace of the purchase, shipping, physical call location, cell site pings, etc. Plus in a lot of jurisdictions it is now a legal requirement to verify identity and address with issuing phone numbers.

Using a Tor hidden service (+VPN, etc.) I could be anybody anywhere in the world. Less bits figured out.

edit: apologies if this is hijacking the thread

26
NSA collecting phone records of millions of Americans daily guardian.co.uk
285 points by bcn  3 days ago   145 comments top 9
1
notdrunkatall 3 days ago 5 replies      
Everyone should see this relevant NYT short about William Binney, a 30 year veteran crypto-mathematician for the NSA who designed the program that is now being used by the NSA to spy on us all:

http://www.nytimes.com/2012/08/23/opinion/the-national-secur...

His story was corroborated by Mark Klein, a former ATT employee who amassed evidence that the NSA was, with ATT's complicity, running a data-gathering node in room 641A of ATT's San Francisco building:

http://en.wikipedia.org/wiki/Mark_Klein

This is not some conspiracy theory. It's happening, and no one seems to care.

2
bcn 3 days ago 0 replies      
The order in a nutshell:

IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the National Security Agency (NSA) upon service of this Order, and continue production on an ongoing daily basis thereafter for the duration of this Order, unless otherwise ordered by the Court, an electronic copy of the following tangible things: all call detail records or "telephony metadata" created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.

-http://www.guardian.co.uk/world/interactive/2013/jun/06/veri...

It was approved (reapproved?) on April 25, and valid until mid July, and scheduled for declassification in (oops!) 2038. Interesting to note that this order was directed at Verizon, but presumably other carriers have received similar ones?

3
rosser 3 days ago 2 replies      
Now that we know that every call is being slurped up by the surveillance-monster, people can no longer bury their heads in the "but they're only snooping on the 'bad guys'" sand. Maybe, though doubtfully, that will finally raise some broader public ire.

EDIT: phrasing.

4
guelo 3 days ago 2 replies      
Glad we have the FISA court to make sure the NSA is only able to have access to every single phone record. Otherwise they might overreach.
5
coenhyde 3 days ago 5 replies      
Someone needs to find a way to make end to end encryption of phone calls a reality.

I can think of technical solutions but it's another matter to get adoption. Also it can't only be an app. The phone can not be trusted. I think you'd need a small device that connects via wifi to your phone and then run some encryption over the top of that. It could be very small with only speaker and mic capabilities. Then you'd have an app on your phone to initiate calls and display incoming calls.

6
hammock 3 days ago 0 replies      
The NSA collecting call-detail records en masse is not news, and goes back to at least 2006. http://en.wikipedia.org/wiki/NSA_call_database

The news is that the Guardian has got a copy of an actual court order, so we can see the exact language used with the phone companies.

7
calhoun137 3 days ago 3 replies      
It's nice to finally see a Glenn Greenwald article on the front page for once. I have been reading him every day for years and I would highly recommend his entire body of work to anyone who is not familiar with it.
8
tibbon 3 days ago 5 replies      
Yet, no mention on front page of CNN. However there is "What breast-milk lollipops taste like" and "Before and after: Child stars"
9
brown9-2 3 days ago  replies      
I hope that anyone in the US who is outraged realizes that the only real chance for change on this topic is in electing like-minded representatives to Congress, and getting everyone you know to vote the same way. Your current senator or representative likely supports this sort of action already, and it's not a violation of current law.

It's not a party issue but rather a power issue, institutions that have it won't give it up on their own.

27
Send payouts with Stripe stripe.com
284 points by pc  3 days ago   137 comments top 9
1
silverbax88 3 days ago 1 reply      
I just used Stripe for one of my major annual events. I used PayPal the first two years, and all I can say is Stripe is far superior to PayPal. I do wish the dashboard was a little more configurable, but that's minor. Everything else is so much better.

Pros:

+ auto deposit into the bank account without having to make requests

+ easy refund process

+ easy charge identification process

Cons:

- a few customers like using PayPal, so there's that. We dropped PayPal entirely from the online sign up and payment so for the users who wanted PayPal we had to send them our PayPal address. Not entirely smooth or professional, but that's not Stripe's fault, it's the reality of having an entrenched payment processor.

- the dashboard displays total volume, and that's it. Would like this to be configurable. Showing total volume since day 1 is pretty useless, especially since it does not appear to remove refunds.

2
zende 3 days ago 5 replies      
(I work at Balanced)

Balanced (https://balancedpayments.com) provides a payouts solution for marketplaces like redditgifts, Crowdtilt, Fancy, Artsy, Visual.ly, and many others.

The differences with Stripe include the money being available for payout immediately (instead of 5 days), and the recipient will receive the money the next business day. Balanced has also performed a lot of work to verify merchants with as little information as possible: name, DOB, and address. Instead of SSN for an individual you only need to pass in the last four.

3
randall 3 days ago 3 replies      
I'm most interested in the inverse... allowing customers to send us cash directly from their bank accounts for $.25 per transfer (instead of the bullshit credit card company fees). I'm sure there's some serious fraud implications that Stripe would have to deal with to ensure validity, but is that coming?
4
jasonswett 3 days ago 2 replies      
I assume the author of the announcement wrote the example code with the longshot hope that some Stripe users would say, "Hey, I guess I'll send Amber Feng three thousand bucks, just to see if this works." Takeaway point: always write code examples in such a way that a straight copy-and-paste might send you a lot of money.
5
losvedir 3 days ago 0 replies      
Congrats on the launch!

My startup was in the private beta for this and is in the process of switching to Stripe for ACH payouts from our previous provider bill.com. The folks at Stripe are super friendly and helpful. Two thumbs up! :)

6
zrail 3 days ago 0 replies      
This sounds pretty awesome, I can't wait to try it out.

FYI I'm working on a guide to integrating Stripe with Rails[1] and I'll definitely be covering this, as well as Stripe Connect.

[1]: http://www.petekeen.com/mastering-modern-payments

7
aaronbrethorst 3 days ago 3 replies      
How does this jive with laws around transmitting money?
8
tyre 3 days ago 1 reply      
How long does it take from the time I create the transfer to it hitting the user's bank account?
9
troyk 3 days ago  replies      
This is cool, but the money has to be charged via credit card first right? It would be nice to transfer money from the bank account linked to stripe to another account, and as a user of Stripe's connect API, it would be nice to enable this in our apps for our users.

Even cooler would be full blown ACH. We are working with ACH providers now and what a stark contrast to the beauty of stripe. All require some form of monthly fee, paper set-up forms with 1-2 week delays (vetting periods) and API's from the 90's

28
Sen. Mark Udall: I knew about the NSA spying, did everything but leak to stop it denverpost.com
280 points by lawnchair_larry  2 days ago   48 comments top 9
1
dkulchenko 2 days ago 6 replies      
This really is the way to stop this. Support representatives like Mark Udall and Ron Wyden and vote everyone who's supporting PATRIOT and warrantless wiretapping out of office.

Civil liberties should be as big of an issue (if not bigger) during elections as the economy.

2
rollo_tommasi 2 days ago 1 reply      
If he had access to documents showing the extent of this program he should have read them into the Congressional Record, like Mike Gravel did with the Pentagon Papers.
3
anigbrowl 1 day ago 3 replies      
I have to say I find this oddly disingenuous. Senator Udall is surely aware that he could have offered up this knowledge in a speech on the Senate floor and enjoyed total legal immunity under the US Constitution, with Supreme Court precedent to back him up: http://en.wikipedia.org/wiki/Speech_or_Debate_Clause
4
nhebb 2 days ago 1 reply      
Leon Panetta leaked classified info to the makers of Zero Dark Thirty, and there were no repercussions (hell, he even got promoted to Secretary of Defense). I really doubt there would have been repercussions if Udall had leaked this information. While I'm glad that Udall is fighting for civil liberties, this doesn't exactly seem like material fit for an updated version of Profiles in Courage.
5
cgag 2 days ago 2 replies      
Everything but actually bringing it to public attention.
6
josephlord 1 day ago 0 replies      
If you are on the Intelligence Committee and you leak stuff it is a very risky strategy as:

1) you will get thrown off the committee and someone more trusted by the agencies will replace you.

2) even after throwing you off the committee they may keep more secret information from the committee and justify it by the risk of the members leaking it as in this example.

You need to try to ensure the leak is big enough to break the current system and INCREASE the oversight rather than further reduce it OR to have reached a point where you aren't actually doing any good on the committee in the first place.

7
wavefunction 2 days ago 0 replies      
Then he did not do enough. Step up as an American, sir.
8
suredo 2 days ago 0 replies      
"... was broadly securing tens of thousands of Americans' phone records ..."

make that millions?

9
fatjokes 1 day ago 0 replies      
Read: did everything but risk himself to stop it.
29
NSA's Backdoor Key from Lotus Notes cypherspace.org
275 points by EthanHeilman  7 hours ago   48 comments top 12
1
rozzie 2 hours ago 4 replies      
Ray Ozzie here. Regarding "minitruth" - you've got to maintain a bit of a sense of humor when things get stressful.

It was such a long time ago, but one thing that clearly differentiates our efforts in those days vs. what's been reported in the news in the past few days is the issue of transparency.

The day we shipped the "differential workfactor" implementation in Notes, I keynoted the RSA Conference and gave a speech laying out what we did and why. Charlie Kaufman, a great cryptographer who worked for me, also distributed a paper he wrote with the technical details. You can find my speech and his paper buried in here if you're interested. (search for "lotus.notes")

http://web.textfiles.com/ezines/HWA/hwa-hn19.txt

And if you're really motivated to understand what it was like during the Crypto Wars, go read Steven Levy's book "Crypto".

http://www.stevenlevy.com/index.php/books/crypto

Back to the present - it pains me to see such a lack of transparency in how our elected officials are running our government. Of course, the common man knows it's common sense that there's an inherent need for secrecy in conducting small scale covert operations. We do get it.

However, it's also common sense that it's inevitable that any complex large-scale long-term operation will ultimately come to light. And so it's just common sense that any such broad-based operations that might be perceived as impacting our constitutional rights should be the subject of broad public debate. No, not when they're being prototyped or tested or used in small scale settings - but definitely somewhere on the path from "tactical use" to "broad strategic dependence".

These are not small issues, nor need they be at all partisan. Wyden, Paul, and others are trying. These issues are fundamental to defining the relationship between us citizens and our government in the decades ahead.

In particular, in this world where "SaaS" and "software eats everything" and "cloud computing" and "big data" are inevitable and already pervasive, it pains me to see how 3rd Party Doctrine may now already be being leveraged to effectively gut the intent of U.S. citizens' Fourth Amendment rights. Don't we need a common-sense refresh to the wording of our laws and potentially our constitution as it pertains to how we now rely upon 3rd parties? It makes zero sense in a "services age" where granting third parties limited rights to our private information is so basic and fundamental to how we think, work, conduct and enjoy life.

For example, did you really intend to yield your 4th amendment rights when you granted a 3rd party access to your files as a part of Mac Software Update, Windows Update, Virus Scanners, etc., or when you started using a service-tethered smartphone?

Anyway, unlike 'web tracking' issues which seem to be broadly ignored because of our love for ad-supported services, I hope we all (especially the young readers of reddit, hackernews, etc) wake up to the fact that these privacy and transparency issues are REAL, and that they truly will impact you and the country you live in, and that even if you don't consider yourself an activist you really should get informed and form an opinion. Again, this is a non-partisan issue, and let's all work to ensure that it stays this way.

Two great organizations where you can learn are EPIC and EFF. (Disclosure: I am on the board of EPIC.) Take it in, and think. Your contributions are needed and would of course be quite welcome.

http://epic.org

http://eff.org

2
jrockway 3 hours ago 0 replies      
If I were a programmer that wanted to damage the reputation of my employer, I'd embed a key in its software that made it look like the software was sending all user data to the NSA. Any denial would meet "well, there's a secret law making you deny it". The perfect crime...
3
acqq 6 hours ago 2 replies      
Also from these times:

http://en.wikipedia.org/wiki/NSAKEY

An example of coverage, very similar to what we read now:

http://www.whale.to/b/ms.html

4
krenoten 4 hours ago 1 reply      
Interesting article, but slight quibble: differential cryptography is a cryptanalysis technique, i.e., a method that anybody can use to try to break a cipher.

http://en.wikipedia.org/wiki/Differential_cryptanalysis

5
anonymfus 6 hours ago 1 reply      
>This page has also been translated into Russian here

It is not in Russian. It's in Belarussian.

6
jamesaguilar 6 hours ago 7 replies      
I may be willing to believe the NSA are misguided, but nobody uses the bad guys' name for themselves on purpose. The NSA used Minitruth as the name of their backdoor? Gimme a break.
7
scaramanga 1 hour ago 0 replies      
Hmm, I was expecting to see that they'd factored the private key. It's been done before for 768-bit RSA, and presumably both NSA and RSA are picking good semiprimes, but maybe not, eh? That would be interesting to know.
8
javanix 6 hours ago 3 replies      
Would they really put the NSA director's email in the PGP key? Something smells fishy about this.
9
TheYComb 2 hours ago 0 replies      
http://support.citrix.com/article/CTX116557

Getting the private key is as easy as having a smart person inside the company that works for both the company and the gov.

Then you just have to sit on a router and read the traffic. Relatively simple for a gov agency.

There are 2 ways to be safe:

1) You do not use any technology.

2) You are honest in everything you do.

The second one is probably the easiest.

10
apapli 5 hours ago 2 replies      
Given many companies running Notes push forms out to their web site, I am curious: does knowing this key increase the vulnerability of Lotus Notes servers everywhere, as theoretically anyone can use it now?
11
BruceLi 58 minutes ago 0 replies      
Welcome to China!
12
cocopanda 4 hours ago 2 replies      
Should I be worried about looking at this?
30
Hacker Who Helped Expose Steubenville Could Get More Prison Time Than Rapists businessinsider.com
274 points by soleimc  1 day ago   72 comments top 13
1
danso 1 day ago 3 replies      
OK, this sounds pedantic, but "Convicted for Longer"* is not accurate...you're not convicted for a period of time, you're convicted and then sentenced to a period of jail time, or probation.

And of course, as we all know from the Aaron Swartz coverage, "could serve for as long as..." is different than "actually serve a sentence of [xy] years".

But the most relevant quibble is this: a father who beats these rapists with his fists would also face a longer sentence than these accused rapists (who, according to the OP, faced 1-2 years)...because these convicted offenders were juveniles.

And as much as we want to celebrate extra-judicial vengeance upon convicts, juvenile or not, I think we should be aware that there may be unpleasant consequences when our justice/political system looks the other way upon unlawful actions in which "the ends justified the means".

...because, I mean, isn't that at the core of the NSA controversy that is currently raging in the other 20 HN threads?

* edit: the original title for this submission was "Hacker...Could Be Convicted for Longer..."

2
mratzloff 1 day ago 3 replies      
Here's a summary:

A girl in a high school football-obsessed small town went to a party and was assaulted by football players who later bragged about it on Twitter.

A blogger saw the posts (later deleted) and took screenshots. She tried to get justice for the victim by re-posting these on her blog. For this she was hounded relentlessly in the town and a defamation suit was brought against her.

The players bragged that the coach knew about the accusations and would make them go away.

Two of the football players were later given 1 and 2 year sentences in juvenile detention, largely due to the efforts by people who got involved in bringing this case to a wider audience.

As for the hacker...

I've read the linked article, another article, the accused's webpage, and an article by the blogger who stood up for the rape victim, and I still can't figure out exactly what role, if any, this guy had in this mess.

3
Jabbles 1 day ago 3 replies      
An informative read if you're curious about US sentencing: http://www.popehat.com/2013/02/05/crime-whale-sushi-sentence...

Excerpt: "People reporting on federal criminal justice, whether journalists or bloggers, routinely report on the statutory maximum sentence that a defendant could hypothetically get, an oft-ridiculous figure calculated by taking all the charged crimes and adding up the maximum punishment for each. This is usually followed by some sort of pronouncement that THIS PERSON CHARGED OF MINOR CRIMES FACES MORE JAIL TIME THAN YOU'D GET IF YOU BEAT A TODDLER TO DEATH WITH AN UNCONSCIOUS NUN WHILE RAPING A BLIND LIBRARIAN, or words to that effect."

4
forgotAgain 1 day ago 1 reply      
The original Mother Jones story is here: http://www.motherjones.com/politics/2013/06/kyanonymous-fbi-...

At first, he thought the FBI agent at the door was with FedEx. "As I open the door to greet the driver, approximately 12 FBI SWAT team agents jumped out of the truck, screaming for me to 'Get the fuck down!' with M-16 assault rifles and full riot gear, armed, safety off, pointed directly at my head," Lostutter wrote today on his blog. "I was handcuffed and detained outside while they cleared my house."

5
pfortuny 20 hours ago 0 replies      
You know: the rule of law is more important than a lot of things (especially if these are done by minors). I have not understood what the 'hacker' did but IF it were trying to overstep due process, I would understand a very painful sentence.

The constitution is all about that: freedom and how the State handles the issues. Due process cannot be subverted without punishment even though doing so may have 'good consequences': the classical problem of the ends and the means.

6
gmu3 1 day ago 2 replies      
I feel like it is a little unfair comparing the number of years someone is sentenced and going to jail for and the number of years someone could go to jail for if they are found guilty and receive the max sentence.

(Perhaps people don't think the hacker did anything that should be considered a crime worthy of a sentence that long, but that's a totally different argument)

7
ScottBurson 1 day ago 0 replies      
Direct link to defense fund donation page: https://www.wepay.com/donations/deric-lostutter--ky-anonymou...
8
codezero 1 day ago 1 reply      
I imagine that he faces charges, not specifically for crimes committed to out the rapists, but possibly for a number of other illegal activities related to hacking.

That one of his deeds ended up resulting in outing bad people, does not mean that he is always so conscious or on the side of good.

9
rosser 1 day ago 1 reply      
This is one of the most reprehensible things I've heard in I don't even know how long.
10
cLeEOGPw 15 hours ago 0 replies      
It is actually very logical that hackers are given much higher sentences than violent criminals, because a hacker is a potential threat to government stability (in case he exposes secret data about the activities of the government), while all a violent criminal does is damage the property and/or health of one or a few people. In the sense of a computer system, a violent criminal is some incorrect input, while a hacker is a bug in the system.
11
yekko 1 day ago 0 replies      
Priorities, our masters sure got them.
12
daned 1 day ago 0 replies      
What are they alleging he did?
13
detcader 1 day ago 0 replies      
Kill Aaron, put kids in prison for DDoSing... but for god sakes, don't ever try to send a message to potential rapists! That would be oppressing men everywhere!
       cached 9 June 2013 04:11:01 GMT