"sounds really trivial to break. I can see all kinds of kids doing this."
It's straight out of the Mythbusters fingerprint scanning episode.
They didn't find one they couldn't defeat, and many of them were ridiculously easy. They used exactly this technique.
I've been saying it for years: at our currently level of technology, relying on fingerprints for security (or nearly any biometric for that matter) is asking for trouble. It's just not good enough.
I already stated the grounds: anti-competitive practices.
There are ways to compete in markets, and there are ways to "lock in" your customers and reduce their choices. The former is generally considered good, and the latter is generally considered bad. Depending on how egregious the "lock in" is, it is sometimes ruled to be illegal.
Example: suppose you built an automobile in such a way that it could only use YOUR brand of gasoline, which was only available at YOUR filling stations. And YOUR brand of oil, YOUR antifreeze, etc.
Sure, it's arguable that people don't have to buy the car. That's nice and simple.
But what if there were only 2 or 3 brands of cars available? Peoples' choices are reduced.
What constitutes "anticompetitive practices" depends on the particular situation. But I would say Apple is pushing the envelope a bit. Maybe it's not illegal, YET. But if they keep it up, sooner or later they are bound to cross the line.
They already have, in other areas. Like the price-fixing suit, for example.
"The NSA had earned the trust of just about everybody in the community by improving DES with changes nobody understood until fifteen years later. "
Are you being sarcastic? The "improvements" they made are now being looked at, 15 years later, as examples of Government backdoors in their encryption.
(I know it's not every case, but the consensus is that it was in THIS case, and possibly several others. I have friends in the field and they knew about this particular instance of PRNG for elliptiical curve crypto way back when. Few trusted it except, apparently, RSA and its customers.)
So any "improvements" from the NSA have to come with a grain of salt. You might have the best encryption system in the world, but if your credibility is shit (as the NSA's now is), it doesn't matter much because nobody will use it.
"There are other licensed cables. I would embrace the chance to buy non-chinese local produced apple licensed cables. The middle ground is just hard too find."
That is an argument AGAINST the lock-in I was referring to, not for it.
Other LICENSED cables. Sure. But why are there cheap Chinese knockoffs in the first place? BECAUSE the costs of cables are being artificially inflated by the licensing scheme.
You don't see this shit in competitive markets. In THOSE markets, products get BETTER, not worse, and the price continually goes DOWN.
I think we're on the same channel here. But the exact mix of brilliance and stupidity is really not so important. Whatever the magnitude of the individual parts, the end result is still that NSA can't be trusted to act in the public good.
Cyanogen does not have all the proprietary "bloatware" that carriers and manufacturers load on phones, which access your location and other data as you go about your daily activities.
And yes, make no mistake, they DO phone home with that data. In the vast majority of cases.
"The dongles weren't hacked. Someone broke into RSA and stole the seed records, which is what goes inside the security dongle (and is supposedly impossible to extract from the dongle)."
Technically correct. I almost wrote "but it's a distinction with no difference"... except that's wrong. It's actually WORSE. It means it wasn't just a bug... RSA was woefully irresponsible with vital user data.
Unless I am mistaken, exactly this kind of "corporate lock-in", for safety or any other reason, has consistently been ruled by the courts to be "anti-competitive practice" and is outlawed.
I *LIKE* Apple products. But I do not like the lock-in, or Apple's attitude about it. I would be happy to see a class-action lawsuit over this.
"Personally I suspect the Linkedin Android App slurps your addresses from the phone, but I'n not about to install it and find out.
My spam folder is full of Linkedin invitations."
Good point. I hadn't considered the Android app. Those things need better security + privacy controls.
The hell of it is, everybody denies it, but Google purposely designed Android to give access to users' data. (Just like it purposely designed Google to slurp users' data at every opportunity.)
That's why I'm seriously considering CyanogenMod for my phone. It's an "open source" environment that really is open.
"Is NSA finding this RNG hard to crack, or did NSA tell RSA to slip in a backdoor back in 2006 - and RSA folks are trying to crawl out of the hole they dug for themselves?"
Funny. I hadn't read these comments but I came to the same conclusion. I think that's likely what they did, and yes that implies that they have users' passwords in plaintext.
"Maybe they used a cookie for an email session that was already opened by the browser?"
Unlikely.
If they were doing this at all, I'd give you 10 to 1 they were just trying the external email accounts using the same passwords the users use on LinkedIn. That's easy, and it would likely have a success rate of 50% or even more.
More troubling: if that's what they did it implies that LinkedIn stores your password in plaintext somewhere.
"Solving problems is like marinating meat. It takes time. If you rush it, you get a quick solution, but not the best. A quick solution might be acceptable for one meal, but not for future meals.
The "Eureka effect" isn't something new."
"3D printing could make intellectual property laws impossible or impractical to enforce."
Bullshit.
"IP" laws are quite practical and possible to enforce... at least, the reasonable parts of them are.
Study after study after study have shown that personal copying HAS NOT HARMED either the music or software or music industries. If anything, their profits have gone up. The continued attacks against making personal (as opposed to for commercial sale) copies is nothing more than an attempt at absolute control.
3D printing does not "threaten" so-called "intellectual property" laws in the least. Neither did Jacquard looms, or computer punch cards, or cassette tapes, or DVDs, or automated lathes, or injection molding, or CNC machines. All of the industries that depended on those things for manufacturing or distribution have been thriving. If anything, more so than if those things had not come along.
Immature, is it? Well, let me "maturely" dissect the questions you asked:
"What are these "many" ways? Are they only superior in your opinion, or only in your particular use cases? Because I almost never people able to give me specifics on why OSX is superior to other OSes unless it's just a specific piece of software or some feature that only a few people would ever care about."
Translation: "The only people I know who say this have no reason for saying it, so I'm pretty sure you don't know what you're talking about either. You only care about yourself."
If that's the case, Windows and Linux are just as "superior", not to mention other operating systems nobody ever tries because the mainstream OSes are so damn "superior."
Translation: "I'm putting 'superior' in quotes because I don't believe you and I'm going to argue with you because I think you're just talking out your ass."
When you can learn to ask questions in a mature, civil manner, you might start getting what YOU consider to be "mature" answers.
Don't bother to keep replying. I won't. You don't deserve any more of my time. Stop acting like an asshole and maybe people would actually answer your questions rather than being insulting in return. Note: that's the third time I've said that, in one way or another. I have no reason to keep saying it, even if you try to insult me yet again.
"Don't flatly say something's superior if you don't want to quantify it when you're challenged for your lack of insight."
And don't try to blame me for your rude manner of asking the question.
I repeat: as far as YOU are concerned (see that emphasis on YOU?), it is my opinion, about my use-case.
Maybe, if one day you learn to ask questions politely instead if insinuating some kind of misfeasance by the other party at ever turn, they might deign to actually answer you.
I'm sad when a power tool breaks down, but that doesn't prompt me to want to bury it and hold a service. And I don't hesitate in the slightest to go get a new one.
"You response to this point makes no sense. I have said nothing about any abuses here, and haven't blamed anything on anyone."
Pardon me there; I had your remarks confused with someone else's. My mistake.
" my point was that the only reason for a society to grant patents is to provide a viable alternative to the former system (closely held trade secrets) without the risk of the secret dying with the inventor?"
I guess my question would be WHY you see ONLY this reason, and refuse to acknowledge the others. I mentioned at least one of them. But you have rejected it without any real argument or refutation, and simply repeated your original statement again.
The fact that inventions were created before the motivation of patents existed, is not evidence that patents do not create motivation. The real question, which you have refused to even acknowledge so far, is: which is BETTER? A system with no patents, or a system with patents.
By your argument, I could claim that firearms are not effective for hunting because animals were killed long before firearms came along. I don't buy it. It's not black and white, it's a matter of degree.
"What are these "many" ways? Are they only superior in your opinion, or only in your particular use cases? Because I almost never people able to give me specifics on why OSX is superior to other OSes unless it's just a specific piece of software or some feature that only a few people would ever care about. If that's the case, Windows and Linux are just as "superior", not to mention other operating systems nobody ever tries because the mainstream OSes are so damn "superior.""
Are you arguing with me just for the sake of arguing with me?
As far as YOU are concerned, it is my opinion, about my own use-case. I don't feel like going into further detail at this time.
"sounds really trivial to break. I can see all kinds of kids doing this."
It's straight out of the Mythbusters fingerprint scanning episode.
They didn't find one they couldn't defeat, and many of them were ridiculously easy. They used exactly this technique.
I've been saying it for years: at our currently level of technology, relying on fingerprints for security (or nearly any biometric for that matter) is asking for trouble. It's just not good enough.
"Class-action lawsuit on what grounds?"
I already stated the grounds: anti-competitive practices.
There are ways to compete in markets, and there are ways to "lock in" your customers and reduce their choices. The former is generally considered good, and the latter is generally considered bad. Depending on how egregious the "lock in" is, it is sometimes ruled to be illegal.
Example: suppose you built an automobile in such a way that it could only use YOUR brand of gasoline, which was only available at YOUR filling stations. And YOUR brand of oil, YOUR antifreeze, etc.
Sure, it's arguable that people don't have to buy the car. That's nice and simple.
But what if there were only 2 or 3 brands of cars available? Peoples' choices are reduced.
What constitutes "anticompetitive practices" depends on the particular situation. But I would say Apple is pushing the envelope a bit. Maybe it's not illegal, YET. But if they keep it up, sooner or later they are bound to cross the line.
They already have, in other areas. Like the price-fixing suit, for example.
"I suspect you're talking about some other DES."
Pardon me. My eyes must have skipped over the DES part. No, of course what I was saying doesn't apply to DES.
On the other hand, this situation has made a lot of people look at any government-approved encryption with a jaundiced eye.
Sure. But it's not baked into the system, as it is on many carriers' versions of Android.
You CAN run location-aware apps, etc. But with Cyanogen you don't have to.
"The NSA had earned the trust of just about everybody in the community by improving DES with changes nobody understood until fifteen years later. "
Are you being sarcastic? The "improvements" they made are now being looked at, 15 years later, as examples of Government backdoors in their encryption.
(I know it's not every case, but the consensus is that it was in THIS case, and possibly several others. I have friends in the field and they knew about this particular instance of PRNG for elliptiical curve crypto way back when. Few trusted it except, apparently, RSA and its customers.)
So any "improvements" from the NSA have to come with a grain of salt. You might have the best encryption system in the world, but if your credibility is shit (as the NSA's now is), it doesn't matter much because nobody will use it.
"There are other licensed cables. I would embrace the chance to buy non-chinese local produced apple licensed cables. The middle ground is just hard too find."
That is an argument AGAINST the lock-in I was referring to, not for it.
Other LICENSED cables. Sure. But why are there cheap Chinese knockoffs in the first place? BECAUSE the costs of cables are being artificially inflated by the licensing scheme.
You don't see this shit in competitive markets. In THOSE markets, products get BETTER, not worse, and the price continually goes DOWN.
I think we're on the same channel here. But the exact mix of brilliance and stupidity is really not so important. Whatever the magnitude of the individual parts, the end result is still that NSA can't be trusted to act in the public good.
Cyanogen does not have all the proprietary "bloatware" that carriers and manufacturers load on phones, which access your location and other data as you go about your daily activities.
And yes, make no mistake, they DO phone home with that data. In the vast majority of cases.
"The dongles weren't hacked. Someone broke into RSA and stole the seed records, which is what goes inside the security dongle (and is supposedly impossible to extract from the dongle)."
Technically correct. I almost wrote "but it's a distinction with no difference"... except that's wrong. It's actually WORSE. It means it wasn't just a bug... RSA was woefully irresponsible with vital user data.
"I can't tell, do you think the NSA is brilliant or stupid beyond belief?"
I'm pretty sure it means a little bit of both.
"It's not about safety, it's about control."
Unless I am mistaken, exactly this kind of "corporate lock-in", for safety or any other reason, has consistently been ruled by the courts to be "anti-competitive practice" and is outlawed.
I *LIKE* Apple products. But I do not like the lock-in, or Apple's attitude about it. I would be happy to see a class-action lawsuit over this.
"Therefore, RSA has proven themselves untrustworthy at best, corrupt at worst, and quite likely both."
And don't forget that their "super security" ID dongles were hacked just a year or so ago.
All in all, it's looking like RSA is a corporation to avoid.
"Personally I suspect the Linkedin Android App slurps your addresses from the phone, but I'n not about to install it and find out.
My spam folder is full of Linkedin invitations."
Good point. I hadn't considered the Android app. Those things need better security + privacy controls.
The hell of it is, everybody denies it, but Google purposely designed Android to give access to users' data. (Just like it purposely designed Google to slurp users' data at every opportunity.)
That's why I'm seriously considering CyanogenMod for my phone. It's an "open source" environment that really is open.
"Is NSA finding this RNG hard to crack, or did NSA tell RSA to slip in a backdoor back in 2006 - and RSA folks are trying to crawl out of the hole they dug for themselves?"
Evidence very strongly suggests the latter.
Funny. I hadn't read these comments but I came to the same conclusion. I think that's likely what they did, and yes that implies that they have users' passwords in plaintext.
"Maybe they used a cookie for an email session that was already opened by the browser?"
Unlikely.
If they were doing this at all, I'd give you 10 to 1 they were just trying the external email accounts using the same passwords the users use on LinkedIn. That's easy, and it would likely have a success rate of 50% or even more.
More troubling: if that's what they did it implies that LinkedIn stores your password in plaintext somewhere.
"Solving problems is like marinating meat. It takes time. If you rush it, you get a quick solution, but not the best. A quick solution might be acceptable for one meal, but not for future meals.
The "Eureka effect" isn't something new."
Have the managers read "The Mythical Man Month".
"Be careful with this analogy... the way to speed up cooking is via higher pressure."
Which simultaneously happens to risk an explosion in the kitchen.
"3D printing could make intellectual property laws impossible or impractical to enforce."
Bullshit.
"IP" laws are quite practical and possible to enforce... at least, the reasonable parts of them are.
Study after study after study have shown that personal copying HAS NOT HARMED either the music or software or music industries. If anything, their profits have gone up. The continued attacks against making personal (as opposed to for commercial sale) copies is nothing more than an attempt at absolute control.
3D printing does not "threaten" so-called "intellectual property" laws in the least. Neither did Jacquard looms, or computer punch cards, or cassette tapes, or DVDs, or automated lathes, or injection molding, or CNC machines. All of the industries that depended on those things for manufacturing or distribution have been thriving. If anything, more so than if those things had not come along.
"What are these "many" ways? Are they only superior in your opinion, or only in your particular use cases? Because I almost never people able to give me specifics on why OSX is superior to other OSes unless it's just a specific piece of software or some feature that only a few people would ever care about."
Translation: "The only people I know who say this have no reason for saying it, so I'm pretty sure you don't know what you're talking about either. You only care about yourself."
If that's the case, Windows and Linux are just as "superior", not to mention other operating systems nobody ever tries because the mainstream OSes are so damn "superior."
Translation: "I'm putting 'superior' in quotes because I don't believe you and I'm going to argue with you because I think you're just talking out your ass."
When you can learn to ask questions in a mature, civil manner, you might start getting what YOU consider to be "mature" answers.
Don't bother to keep replying. I won't. You don't deserve any more of my time. Stop acting like an asshole and maybe people would actually answer your questions rather than being insulting in return. Note: that's the third time I've said that, in one way or another. I have no reason to keep saying it, even if you try to insult me yet again.
"Don't flatly say something's superior if you don't want to quantify it when you're challenged for your lack of insight."
And don't try to blame me for your rude manner of asking the question.
I repeat: as far as YOU are concerned (see that emphasis on YOU?), it is my opinion, about my use-case.
Maybe, if one day you learn to ask questions politely instead if insinuating some kind of misfeasance by the other party at ever turn, they might deign to actually answer you.
Until then, you don't deserve an answer.
Estimates are an attempt to
get around
NP problems... they don't solve NP problems.
There is a difference, and it is real.
"Just... no. "
Exactly.
I'm sad when a power tool breaks down, but that doesn't prompt me to want to bury it and hold a service. And I don't hesitate in the slightest to go get a new one.
"You response to this point makes no sense. I have said nothing about any abuses here, and haven't blamed anything on anyone."
Pardon me there; I had your remarks confused with someone else's. My mistake.
" my point was that the only reason for a society to grant patents is to provide a viable alternative to the former system (closely held trade secrets) without the risk of the secret dying with the inventor?"
I guess my question would be WHY you see ONLY this reason, and refuse to acknowledge the others. I mentioned at least one of them. But you have rejected it without any real argument or refutation, and simply repeated your original statement again.
The fact that inventions were created before the motivation of patents existed, is not evidence that patents do not create motivation. The real question, which you have refused to even acknowledge so far, is: which is BETTER? A system with no patents, or a system with patents.
By your argument, I could claim that firearms are not effective for hunting because animals were killed long before firearms came along. I don't buy it. It's not black and white, it's a matter of degree.
"What are these "many" ways? Are they only superior in your opinion, or only in your particular use cases? Because I almost never people able to give me specifics on why OSX is superior to other OSes unless it's just a specific piece of software or some feature that only a few people would ever care about. If that's the case, Windows and Linux are just as "superior", not to mention other operating systems nobody ever tries because the mainstream OSes are so damn "superior.""
Are you arguing with me just for the sake of arguing with me?
As far as YOU are concerned, it is my opinion, about my own use-case. I don't feel like going into further detail at this time.