There are ways around this. If you have a rooted Android device, there are two apps, Droidwall and LBE Privacy Guard, which not only control access to the network but also, even if an app has full permissions to read contacts/phone ID/etc., can deny it that access, in which case it gets passed bogus values.
This way, if some game wants every permission under the sun, it can have it, although in reality it won't be able to touch the contact list, phone ID, or GPS, or even get on the network.
I have a Kill A Watt meter. If I want tracking, I plug that in between the appliance and the wall. Done.
Sony's system, if put in with today's political climate, means we will be paying 2-3x what we do for electricity, as well as likely being hauled to jail on suspicion because a row of lights looks to a profile scanner like a marijuana grow room array.
Call me a moron, but I don't get why one would pay the extravagant prices for "audiophile" equipment.
With the same cash, I can go get studio equipment, such as a good set of monitors with a subwoofer, a mixer, an amp, a parametric equalizer, a graphic equalizer, and other rack equipment. Heck, with the price of some "audiophile" stuff, I can end up with a mixing deck, a top of the line keyboard, and enough cash left over to treat the room (kill standing waves, have proper bass traps in the corners, etc.).
Adding it up... do I want some "audiophile" stuff with $400 wooden knobs? Or would I be better off spending the money and having not just an accurate sound to listen to, but the ability to cut an album, even being able to record a drummer properly with the needed 12-16 mics (depending on the drum set)?
Because a lot of us have seen what happens if data gets out that shouldn't.
Admittedly, a dd if=/dev/zero of=/dev/whatever is good enough for most things, but a lot of businesses have data with which no chances can really be taken (as a drive with data on it and an erased drive can "accidentally" switch places in a pile), so having drives physically scrapped makes the bean counters happy.
Nail, hit head.
Nuclear power done right brings a lot to the table:
1: It is energy dense, so it doesn't take up valuable land. Solar and wind farms are great, but energy losses through wires make them infeasible.
2: A reprocessing "breeder" reactor can reduce the need for high-level waste dumps.
3: Reactor fuel is relatively cheap and abundant. When uranium becomes an issue, there is always thorium (although that is still a research leap ahead).
4: Safety. The deaths-per-terawatt figures completely show this.
And it will only get better. The reactors in use today are designs built when disco was in fashion and people wore leisure suits. Modern reactor designs are generations ahead of the existing reactors that are on life support in safety, usability, and economy. Take an implementation of a traveling wave reactor. If done right, there would be zero need to enrich uranium, and the by-products are useful items.
Had we had nuclear power R&D in the 1970s and 1980s, I'd probably say we would be at least 20-50 years ahead of where we are now in technological growth. Even the need for petroleum wouldn't be much, as any oil would be used for polymers rather than burned. Even used plastics can be "boiled" via a thermal depolymerization reaction and reused.
I'm happy to see some sort of energy progress in the US other than gas and oil.
We can compare the oil spills in the Gulf, and not just the BP one; there are others that have been reported to still be spewing out crap. Those are "gifts that keep on giving". There are large swaths of the seabed that are just lifeless now.
Contrast that to the area around the worst nuclear disaster in world history. Years later, it has become a game preserve. Rad meters aside, it has become an ecological paradise where nature has come back.
If Chernobyl is the worst nuclear disaster we will ever have, while undersea drilling is still a nascent technology where a blowout can happen at any time, I'm all for nuclear power with only one caveat.
The caveat is that in today's economy, there is no responsibility. Stakeholders have been replaced by shareholders. A reactor head can be made out of pot metal, be installed, and fail. The company that made it can just shrug and file for bankruptcy, and the owner of the company takes his golden parachute and lives in the Bahamas. What would be needed is regulation where, if there is malfeasance, there will be people going to prison and fortunes taken away, and not just pawns thrown under the bus to appease the masses, then back to business as usual.
Very good info, and I appreciate your (the AC's) correction.
The biggest reason I run a multi-pass erase (followed by a pass of zeroes so the OS doesn't get confused) is less about grinding the existing bits out and more as a test, in hopes that a sector that is on the edge gets picked up and relocated before data is stored there.
As for a low-level format command, I wish IDE/SATA drives had that. That way, the existing sectors that are marked bad and relocated would be considered bad, and the relocation table freed up. This way, there is more room in the relocation table for newly grown defects. Of course, having onboard encryption where a SECURITY ERASE UNIT command would force the drive to not just do a zero pass, but change the master read/write encryption key, would be nice too.
If an IDE drive, what's better for the task, a master or slave controller?
That is a lot like Hushmail's old Java-based system. The key gets generated in a Java applet running locally, and is only used to decrypt mail on the client end. Log out, and said passphrase and unlocked private key get purged. This way, encrypted mail was inaccessible to anyone.
However, if one skipped Java and used JavaScript that allowed the key to be decrypted on the server, then Hushmail had the same amount of security as a normal E-mail provider.
Nothing in DB's EULA about encryption. They even mention using TC volumes and note that sparse files are not supported.
It's mind-blowingly obvious that I use TC containers (with the .tc extension), so if it were an issue, I'd have been notified and/or kicked off DB ages ago.
That doesn't mean it can't happen in the future, but as of today, there is nothing wrong with storing encrypted volumes, because one is paying for that.
Both EncFS and PhonebookFS allow the use of chaff files. This way, an attacker would have no clue what is junk and what might be vital info.
Another idea is to do what some people do and keep a TrueCrypt volume on the cloud drive. Assuming the cloud software is smart enough to send only changes as opposed to completely resending the file, all they will see are encrypted deltas at offsets in the file. Fooling traffic analysis is easy: do a bunch of random reads/writes, or just defragment the volume and run a free-space erase afterwards.
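As an added illustration (not part of the post above, and not any provider's actual sync code): the script below models a sync client that hashes an encrypted container in fixed-size chunks and uploads only the chunks that changed. The 256 KiB chunk size, the file name and the 1 MiB of random bytes standing in for ciphertext are all assumptions for the demo. It shows both what such a client leaks (the chunk index of every edit) and why the free-space wipe trick in the post hides it (every chunk changes).

```shell
#!/bin/sh
# Added example (not from the thread): what a delta-sync client, or anyone
# watching its uploads, learns from an encrypted container. It cannot read the
# contents, but if it syncs fixed-size chunks it sees exactly which chunks
# changed. The 256 KiB chunk size is an assumption for the demo, not any
# particular provider's algorithm.

# chunk_hashes FILE CHUNK_BYTES : one line "index sha256" per chunk
chunk_hashes() {
    ch_file=$1
    ch_chunk=$2
    ch_bytes=$(wc -c < "$ch_file" | tr -d ' ')
    ch_n=$(( (ch_bytes + ch_chunk - 1) / ch_chunk ))
    ch_i=0
    while [ "$ch_i" -lt "$ch_n" ]; do
        ch_h=$(dd if="$ch_file" bs="$ch_chunk" skip="$ch_i" count=1 2>/dev/null | sha256sum | cut -d' ' -f1)
        echo "$ch_i $ch_h"
        ch_i=$((ch_i + 1))
    done
}

# changed_chunks OLD_LIST NEW_LIST : indices whose hash differs between two
# chunk_hashes listings, i.e. what the sync service sees as the "delta".
changed_chunks() {
    awk 'NR == FNR { old[$1] = $2; next } old[$1] != $2 { print $1 }' "$1" "$2"
}

demo_delta() {
    dd_dir=$(mktemp -d)
    dd_vol="$dd_dir/vault.tc"     # stands in for the encrypted container (constructed)
    dd if=/dev/urandom of="$dd_vol" bs=4096 count=256 2>/dev/null   # 1 MiB of "ciphertext"
    chunk_hashes "$dd_vol" 262144 > "$dd_dir/before.txt"

    # One small write inside the volume: only the chunk holding offset 600000
    # changes, so the observer learns roughly where the activity was.
    printf 'xxxxxxxxxxxxxxxx' | dd of="$dd_vol" bs=1 seek=600000 conv=notrunc 2>/dev/null
    chunk_hashes "$dd_vol" 262144 > "$dd_dir/after_edit.txt"
    echo "chunks changed by one edit: $(changed_chunks "$dd_dir/before.txt" "$dd_dir/after_edit.txt" | tr '\n' ' ')"

    # The cover-traffic trick from the post: a free-space wipe rewrites every
    # block, so every chunk changes and the real edit is lost in the noise.
    dd if=/dev/urandom of="$dd_vol" bs=4096 count=256 conv=notrunc 2>/dev/null
    chunk_hashes "$dd_vol" 262144 > "$dd_dir/after_wipe.txt"
    echo "chunks changed by free-space wipe: $(changed_chunks "$dd_dir/before.txt" "$dd_dir/after_wipe.txt" | tr '\n' ' ')"
    rm -rf "$dd_dir"
}

demo_delta
```

The same logic applies to any sync client that chunks at fixed boundaries; a content-defined chunker leaks slightly differently (chunk boundaries shift) but still exposes which region of the ciphertext moved.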
If they are suspicious, it doesn't bother me. A VPN and the use of encryption, especially if one is using them for work-related items, are more a matter of common sense and due diligence.
I always use a VPN if on a Wi-Fi connection. This way, far fewer people are able to see what I am doing or interfere with the traffic.
Choice #1: Send the drives back and demand ones without confidential data on them.
Choice #2: Use a utility like HDDErase, which uses low-level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected. After that, follow up with DBAN for good measure.
After that, don't worry about it.
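An added worked example for the erase-and-verify advice in this post and the multi-pass and zero-pass comments above (not code from the thread): a small POSIX sh script that does the random passes plus a final zero pass, verifies that every byte reads back as zero, and parses a `smartctl -A` listing for the reallocated-sector count so the before/after can be compared. The hdparm commands in the comment are the ATA SECURITY ERASE sequence; the drive path, the throwaway file used in place of a drive and the SMART output are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): software wipe with a verification pass,
# so a wiped drive can be told apart from one that only looks wiped, plus a
# check of the drive's reallocated-sector count before and after.
# TARGET is a regular file in the demo; on real hardware it is /dev/sdX.
# On a real drive run the firmware erase first, which also covers remapped sectors:
#   hdparm --user-master u --security-set-pass NULL /dev/sdX
#   hdparm --user-master u --security-erase NULL /dev/sdX

# target_bytes TARGET : size in bytes (regular file or block device)
target_bytes() {
    if [ -b "$1" ] && command -v blockdev >/dev/null 2>&1; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# fill_pass SRC TARGET BLOCKS REM : one full pass from SRC (512-byte blocks,
# then the odd tail). conv=notrunc keeps a regular file at its size.
fill_pass() {
    dd if="$1" of="$2" bs=512 count="$3" conv=notrunc 2>/dev/null || return 1
    [ "$4" -eq 0 ] || dd if="$1" of="$2" bs=1 seek=$(( $3 * 512 )) count="$4" conv=notrunc 2>/dev/null
}

# wipe_target TARGET [PASSES] : PASSES passes of random data, then one pass
# of zeros so the OS sees an empty device.
wipe_target() {
    wt_target=$1
    wt_passes=${2:-2}
    wt_bytes=$(target_bytes "$wt_target")
    wt_blocks=$(( wt_bytes / 512 ))
    wt_rem=$(( wt_bytes - wt_blocks * 512 ))
    wt_n=0
    while [ "$wt_n" -lt "$wt_passes" ]; do
        fill_pass /dev/urandom "$wt_target" "$wt_blocks" "$wt_rem" || return 1
        wt_n=$((wt_n + 1))
    done
    fill_pass /dev/zero "$wt_target" "$wt_blocks" "$wt_rem" || return 1
    sync
}

# verify_zeroed TARGET : succeeds only if every byte reads back as zero.
# Run this on every drive in the pile before it leaves the building.
verify_zeroed() {
    vz_nonzero=$(LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' ')
    [ "$vz_nonzero" -eq 0 ]
}

# smart_realloc_count : reads `smartctl -A` output on stdin and prints the raw
# Reallocated_Sector_Ct value (-1 if the attribute is absent). Compare the
# value before and after the wipe: a jump means the passes hit marginal
# sectors and the drive remapped them, which is the point of the extra passes.
smart_realloc_count() {
    awk '$2 == "Reallocated_Sector_Ct" { print $NF; found = 1 }
         END { if (!found) print -1 }'
}

# Constructed sample of `smartctl -A` output (not from a real drive).
SAMPLE_SMART='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   050    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       5
  9 Power_On_Hours          0x0032   099   099   000    Old_age   Always       -       1234'

# Demo on a throwaway file standing in for a drive.
demo_wipe() {
    dw_tmp=$(mktemp)
    yes 'customer record 0042' | head -c 65536 > "$dw_tmp"
    verify_zeroed "$dw_tmp" && echo "before wipe: unexpectedly all zero"
    wipe_target "$dw_tmp" 2
    if verify_zeroed "$dw_tmp"; then echo "after wipe: verified all zero"; else echo "after wipe: NOT zero"; fi
    echo "reallocated sectors in sample: $(printf '%s\n' "$SAMPLE_SMART" | smart_realloc_count)"
    rm -f "$dw_tmp"
}

demo_wipe
```

The verify step is what keeps the "two drives swapped in a pile" failure from reaching the scrap bin: a drive that does not pass verify_zeroed goes back through the wipe, and a drive whose reallocated count jumped during the passes is one you probably do not want to redeploy anyway.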
Just wait until drones start being used to catch people in police chases. Then they will just travel the streets looking for people speeding or who they think ran lights. Then they will take pictures of people suspected of following too closely and send them fines, even though it was due to another car cutting into a gap.
Then they will be used by private companies to monitor workers 24/7/365, as well as whom workers interact with. Why bother watching FB when a contractor can just hand you high-resolution video of where all your employees are at all times?
Slippery slope, yes. However we have seen this happen way too much.
Bingo. The phone I miss is my old T-Mobile MDA (a rebranded HTC Wizard). It had the usual stuff (no 3G/4G, of course, but Bluetooth, Wi-Fi, etc.), and it could run almost a week before needing to be charged. The reason it had the battery life was partly due to the dual-core OMAP CPU, and partly due to the fact that it was thick enough to hold a decent mAh battery.
I wouldn't mind a phone having a couple more millimeters of thickness if it meant significantly more battery life and a thicker Gorilla Glass 2 screen. If phone makers can't get 64 gigabyte MicroSD cards, perhaps there might be enough room for a slot for a second 32GB one.
Oh, and I also wish the non-fruit phone makers would stop growing the screens. If I want a tablet, I'll buy one. I want a phone with a phone size/shape, not something that can't easily fit in a back pocket.
I'm guessing a top-level certificate compromise is something that is to be ignored. We already went through this with a CA that got bankrupted due to security issues. Web browsers not dealing with revoked keys will just add significantly to the time that blackhats can MITM stuff.
The solution? I would say that SLCs (short-lived certificates) might be the best thing, with a mechanism to replace browser root keys periodically. Every time the browser is updated, CAs have new root keys. This way, a compromised root key will be replaced in short order, and if the root key is sound, having intermediate CA keys with a lifetime of hours to days would be the thing to do. This way, if a key is compromised, it will expire in a very short amount of time, even if there is no ability to connect to a revocation server.
Of course, there are holes in this: fetching keys more often, for example, will generate more traffic.
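The chain the post sketches, as an added example built with the openssl command line (not from the post): a long-lived root, a one-day intermediate and a leaf, then `openssl verify -attime` to show that three days on the chain is rejected with no CRL or OCSP involved. The names and lifetimes are made up; only the mechanism is the point.

```shell
#!/bin/sh
# Added example (not from the post): a toy PKI with a long-lived root and a
# one-day intermediate, checked with `openssl verify -attime` at a later
# instant to show that a stolen intermediate dies on its own, with no
# revocation lookup. Names and lifetimes are assumptions for the demo.

# make_chain DIR : root (10 years) -> intermediate (1 day) -> leaf (30 days).
# The leaf is deliberately longer-lived than its issuer: once the intermediate
# expires, the leaf is useless regardless of its own notAfter.
make_chain() {
    mc_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj '/CN=Demo Root' \
        -keyout "$mc_dir/root.key" -out "$mc_dir/root.crt" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj '/CN=Demo Short-Lived Intermediate' \
        -keyout "$mc_dir/int.key" -out "$mc_dir/int.csr" >/dev/null 2>&1 || return 1
    printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$mc_dir/int.ext"
    openssl x509 -req -days 1 -in "$mc_dir/int.csr" -CA "$mc_dir/root.crt" -CAkey "$mc_dir/root.key" \
        -CAcreateserial -extfile "$mc_dir/int.ext" -out "$mc_dir/int.crt" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj '/CN=www.example.com' \
        -keyout "$mc_dir/leaf.key" -out "$mc_dir/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -days 30 -in "$mc_dir/leaf.csr" -CA "$mc_dir/int.crt" -CAkey "$mc_dir/int.key" \
        -CAcreateserial -out "$mc_dir/leaf.crt" >/dev/null 2>&1 || return 1
}

# chain_ok DIR [EPOCH] : does the leaf chain to the root at time EPOCH (default now)?
chain_ok() {
    co_dir=$1
    if [ -n "${2:-}" ]; then
        openssl verify -attime "$2" -CAfile "$co_dir/root.crt" -untrusted "$co_dir/int.crt" "$co_dir/leaf.crt" >/dev/null 2>&1
    else
        openssl verify -CAfile "$co_dir/root.crt" -untrusted "$co_dir/int.crt" "$co_dir/leaf.crt" >/dev/null 2>&1
    fi
}

demo_slc() {
    ds_dir=$(mktemp -d)
    make_chain "$ds_dir" || { echo "could not build chain"; rm -rf "$ds_dir"; return 1; }
    ds_now=$(date +%s)
    openssl x509 -in "$ds_dir/int.crt" -noout -enddate
    chain_ok "$ds_dir" && echo "now: chain valid"
    # Whoever steals int.key gets a key that the whole Internet stops
    # trusting tomorrow, without any client fetching a CRL or OCSP response.
    chain_ok "$ds_dir" $((ds_now + 3 * 86400)) || echo "now+3d: chain rejected (intermediate expired)"
    rm -rf "$ds_dir"
}

demo_slc
```

The cost the post mentions is visible here too: every issuing key must be re-signed by the root within the intermediate's lifetime, so an automated, online signing path from the offline root becomes part of the attack surface.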
Meant to state that an ISP that does not keep security logs will not remain in business for long.
Ideally, the best policy an ISP can have (because they are caught between the Scylla of user privacy and the Charybdis of LEO requests) is to keep logs for a certain period of time, then expunge them, and have a backup rotation cycle which enforces this (perhaps by using encryption keys which are destroyed when the data expires).
In fact, an ISP that *does not* log this info will not be around long. The reason is that a competent ISP will keep packet logs for at least a couple of days in order to catch a blackhat. Bigger ISPs might keep logs for 3 months so they have something when they get a motion for discovery (similar to mugging money: got nothing to show to the guys in suits with the constable, say buh-bye to your business, because your biz will then be the named defendant in short order).
When I was in the job market, I lost potential jobs for not having a FB account.
With the concern that deleted stuff is not really deleted, and people searching profiles for anything (where a bad joke reposted can get someone flagged as a racist or gun nut for 7 years), using FB as a communication tool for anything other than the latest cat meme is out of the question.
I sometimes wonder about someone coming up with a paid membership site (so the subscribers are the true customers) for social networking where only the parties involved (and possibly LEOs) are privy to information posted and shared. Combine that with having data erased after a forensically apt period of time (30 days after it was deleted by the user), and this would be an actually useful service.
Best thing is a compromise. Austin's libraries have some unfiltered machines where the monitor is located in the desk. This provides privacy, and keeps someone's hunt for pr0n from annoying the nearby patrons. There are machines with standard monitors, but those are filtered.
I can see the owner of the system making additional income by only showing parking places to the highest bidder, so places would show to the guy who bid $50, but not to the guy who bid $20 until all the higher bidders are off the system.
I'd add to your #1: Any info put on there can have very negative consequences. For example, if a profile-scraping service sees a share or a like of a "hey, why do I need to press #1 for English?" picture, one is branded as a racist for seven years. Or if one likes tents or stealth camping, they might be branded as a supporter of OWS. A like of a smoking product can get one's health insurance company to demand a physical and bloodwork to see if someone's status changed. Liking a park after dark and mentioning that can get someone arrested months to years after the fact for criminal trespass.
My recommendation to everyone who has an Android device: Download the app "Exfoliate", making sure you have the right app from Michael Devine. Set what you want deleted, let it log in for you, and let it run. It will likely take days to finish, and it uses a lot of bandwidth. However, it is worth it, so a post from several years ago doesn't haunt someone in the future. After cleaning the profile, find another avenue to post one's thoughts, preferably one's own website.
Geeks know the danger of Facebook. In fact, I never bothered with an account until just before I got my current job, where interviewers would ask me what my FB account ID was, and when I said that I didn't bother with one, I'd either be looked at like I was an imbecile, or explicitly told that if I don't keep up with social media, I'm too old to be in IT. So, I created accounts on the usual social networking sites with a nice clean persona, just to keep the HR droids happy.
What would be nice would be a geek-friendly social networking site designed from the ground up for privacy and security. It would likely cost something for membership, but that means that the cost is up front, and not paid for with privacy (the subscribers are the customers, unlike FB where the true customers are the advertisers and subscribers are at best a necessary evil). It would use an object-based system with each object (be it a message, a photo, a +1/like, etc.) being encrypted, with a key object list to decrypt it. This way, unless a person explicitly gives access to someone (and this includes the public), the piece of data is encrypted, with a list of keys for those who can decrypt it (one of the keys being an ADK for law enforcement, stored offline). This way, it would be a lot harder to compromise someone's personal messages, while giving the judge with the search warrant a reason not to shut the service down and jail everyone involved.
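As an added example of the per-object key list the post describes (not any real service's code): each object gets its own AES-256 key, which is wrapped to the RSA public key of every principal on the object's access list, including an escrow key meant to be kept offline. Principals, file layout and the message text are assumptions for the demo; a real service would use an AEAD mode instead of plain CBC and keep the escrow private key off the server entirely.

```shell
#!/bin/sh
# Added example (not from the post, and not any real service's code): the
# "object with a key list" scheme from the post, built from the openssl CLI.
# Each object gets a fresh AES-256 key; that key is wrapped separately (RSA-OAEP)
# to every public key on the object's access list, including an offline escrow
# ("ADK") key. Names and layout are assumptions for the demo.
# Note: plain CBC has no integrity protection; a real service would use an AEAD.

# gen_keypair DIR NAME : RSA key pair DIR/NAME.key (private) and DIR/NAME.pub
gen_keypair() {
    openssl genrsa -out "$1/$2.key" 2048 >/dev/null 2>&1 &&
    openssl rsa -in "$1/$2.key" -pubout -out "$1/$2.pub" >/dev/null 2>&1
}

# encrypt_object DIR PLAINTEXT OBJECT NAME... : writes OBJECT.bin (ciphertext),
# OBJECT.iv, OBJECT.acl (the key list) and one wrapped key OBJECT.key.NAME
# per listed principal. The bare data key never touches disk.
encrypt_object() {
    eo_dir=$1; eo_in=$2; eo_obj=$3; shift 3
    eo_key=$(openssl rand -hex 32)
    openssl rand -hex 16 > "$eo_dir/$eo_obj.iv"
    openssl enc -aes-256-cbc -K "$eo_key" -iv "$(cat "$eo_dir/$eo_obj.iv")" \
        -in "$eo_in" -out "$eo_dir/$eo_obj.bin" || return 1
    : > "$eo_dir/$eo_obj.acl"
    for eo_name in "$@"; do
        printf '%s' "$eo_key" | openssl pkeyutl -encrypt -pubin -inkey "$eo_dir/$eo_name.pub" \
            -pkeyopt rsa_padding_mode:oaep -out "$eo_dir/$eo_obj.key.$eo_name" || return 1
        echo "$eo_name" >> "$eo_dir/$eo_obj.acl"
    done
    unset eo_key
}

# decrypt_object DIR OBJECT NAME : plaintext on stdout if NAME's private key
# can unwrap the object's data key; failure otherwise.
decrypt_object() {
    do_dir=$1; do_obj=$2; do_name=$3
    [ -f "$do_dir/$do_obj.key.$do_name" ] || return 1     # not on the key list
    do_key=$(openssl pkeyutl -decrypt -inkey "$do_dir/$do_name.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$do_dir/$do_obj.key.$do_name" 2>/dev/null) || return 1
    openssl enc -d -aes-256-cbc -K "$do_key" -iv "$(cat "$do_dir/$do_obj.iv")" \
        -in "$do_dir/$do_obj.bin" 2>/dev/null
}

demo_objects() {
    dob=$(mktemp -d)
    for dob_n in alice bob escrow mallory; do gen_keypair "$dob" "$dob_n" || return 1; done
    printf 'meet at the usual place, 9pm\n' > "$dob/msg.txt"      # constructed message
    # Alice shares a message with Bob; escrow is on every list, Mallory is not.
    encrypt_object "$dob" "$dob/msg.txt" msg1 alice bob escrow
    echo "bob reads:    $(decrypt_object "$dob" msg1 bob)"
    echo "escrow reads: $(decrypt_object "$dob" msg1 escrow)"
    decrypt_object "$dob" msg1 mallory >/dev/null 2>&1 || echo "mallory: denied (no wrapped key on the list)"
    # A copied wrapped key is useless without the matching private key:
    cp "$dob/msg1.key.bob" "$dob/msg1.key.mallory"
    decrypt_object "$dob" msg1 mallory >/dev/null 2>&1 || echo "mallory with bob's wrapped key: denied (unwrap fails)"
    rm -rf "$dob"
}

demo_objects
```

Sharing an object with one more person means wrapping the same data key once more; revoking means re-keying the object, since the old wrapped copy stays decryptable by whoever held it. The escrow entry is exactly what the post proposes: the server can hand a judge the wrapped key and the escrow holder, not the operators, does the unwrapping.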
Google improved search engine capability. Before that, search engines had a text bar, then a bunch of categories underneath that might have something relevant if you drilled down enough. Searching by keyword would get some results, but likely irrelevant ones.
Then there were the pop-up ads that pre-Google search engines had, where unless one had a tool like the Proxomitron, a hosts file, or some anti-popup utility, searching for something became an exercise in clicking through stuff, then having to quit the web browser and come back to deal with all the excess windows.
Before that, you took your chances with the command line and Archie.
S/MIME is a compromise in this department. Signed E-mails will show that they are signed properly in Outlook, Thunderbird, and a number of web-based E-mail readers.
Of course, the ideal would be automatic PGP/gpg validation of mails, because PGP wouldn't rely on CAs but on a WoT, but it would be better than nothing.
PGP/gpg is ideal because it sits atop everything else. However, most people wouldn't be bothered to generate and securely store a private key, much less build a usable WoT and make sure not to just absent-mindedly sign every key that passes by.