Let's see. What kind of group would be interested in garnering information from hackers communicating with other hackers specifically? An Agency with some some mission? A Bureau with some purpose? I wonder.
While hard to be sympathetic given the nature of the accusation, we do need to seriously guard against a slippery slope of presuming guilt based on the mere existence of encrypted storage, or worse yet, allowing precedent for encrypted data itself evoking "probable cause" for legal search.
Yes! Look, I'm fully aware that I don't have the facts. The reporting, in fact, this article and every other press account that I've seen, is just incomplete, incoherent, and confusing. However, my assumptions based on what I think I understand from what I've gleaned from said crappy reporting is that (a) the phone's data being sought by the FBI were encrypted with a private key (in the form of the phone's password) known, presumably and reasonably, only to the dead murderer; (b) Apple doesn't have said password (its hash, maybe, for what it's worth); yet, FBI is demanding that Apple, who again doesn't have the private key, decrypt the data. Whisky Tango Foxtrot? Suppose Apply is using a known good encryption algorithm effectively implemented. Don't know what that might be, but suppose, for example, something like AES (128, 256, 1024?). Maybe Apple really can't decrypt it without the private key. If NIST isn't totally lying, AES 1024, for example, well implemented, is presumed extremely difficult to brute force (like NP Hard?). Are my assumptions off? How can the government legally compel the (near) impossible? What is the legal precedent for compelling the impossible? Can a judge order that I defy gravity, for example, and throw me in jail if I don't comply?
I may not be getting this, I admit, so this is not meant as challenging or critical, but what linux user would/might/could "accidentally" log in to a console as root, then issue an "rm -rf" command? I can see how a malware script might, given a prior enabling compromise of root, but "accidentally" doesn't compute. In my understanding, gaining root, or Windows admin, privilege pretty much allows malicious actions anywhere, so I don't get at this point why this is earth shattering.
We're talking about Apple-TV, right? So, questions: If one desires a mule to haul one's load across hilly country, buys a goat, then bitches that the goat doesn't carry that much, won't go that far, and makes obnoxious noises, who's at fault, the goat?
Then consider the corrupting influence of such power. How would such power would play out, given the relatively mild symbiotic Union and (currently, Democratic) Party relationship that is essentially a money laundering scheme of the highest order of corruption? The result would be a cartel that would make current Chicago look like a middle school student government in comparison. “All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible.” -- FRANK HERBERT ("Heretics of Dune")
The issue is neither pro, nor anti, union. The whole H1B situation is a clear instance of raw political corruption. The real Beltway Bandits, in Congress and the Administration, are essentially selling out American workers for quid pro quo of campaign finance. Don't get me wrong. I do not blame the corporations, who are supposed to be motivated by profit, albeit bounded by laws and regulations, like this one, of society in which they operate and are themselves a part. Rather, I lay the blame squarely on a corrupt political class in Washington whose loyalties, even fundamental affinities, are increasingly distant from those whom they were chosen to represent, to a degree that many see themselves less as the citizens' representatives in a Republic, than rulers over distant subjects in Fly-Over Country.
Correct, which India will need to assess to determine a law that works for them, and I, as a business, will need to assess how my risk tolerance bears on any decision to do further business with India.
Worse yet, what happens if you're a company doing business with Indian partners or subsidiaries and want to protect trade secrets and proprietary information? I would be further discouraged from doing such future business.
The problem is that consumers who are "users" of off-the-shelf software may only "intend" that key advertised and user-visible functionality should exist in any application. Consumers, by and large, unconsciously assume that any additional and hidden functions are somehow in good-faith support of the user-visible functionality. However, those same consumers really have no knowledge or insight into any functionality of compiled code other than advertised and user-visible functions. For an application of any common complexity, invisible functionality may be a majority of the code base. So, "functions only as intended" begs the further definition, "intended by whom"? -- the user or the developer? For custom code, the developer can be held responsible contractually to deliver specific users requirements, and can be further bound to deliver no more. But, for consumers of off-the-shelf software, the user assumes the risk that the application was coded in good faith to the advertised draw that sold the software. Perhaps an "Underwriters Laboratory" type assertion that the "software functions only as advertised and no more" is needed for consumers to trust that their software is secure. Trust is achieved through visibility.
"Spillage" is the term applied to the improper movement of informations across security domains. For us Little People, spillage is likely to result in consequences to all parties involved ranging from very inconvenient to very, very, very, bad. Just receiving spillage through no fault of ones own often results, at the very least, in temporary loss of the computer as it's sanitized (or replaced), and possibly the results an investigation to resolve how it got there. Inadvertant transmission of spillage is likely to result, at the very least, in an investigation and serious administrative consequences ranging from suspension of access while an investigation completes, punitive letters of reprimand, loss of security clearance, and/or loss of job. Spillage found to be a result of negligence or culpable misconduct results in criminal charges. Every government computer has a login banner that displays the highest classification that the host computer and network are cleared to process, the government's right to continuously monitor the computer's activities, and the potential legal consequence of willful mis-use. Ignorance, given the banner and required training that must be renewed annually, is made extremely unlikely. The big question that I have is how did high security domain traffic even get to the unclassified domain servers, apparently over and over again, without some human intervention, without, essentially, mis-use? Oh well. Security rules for us Little People clearly have differed from those that apply to Party Royalty in this case, by demonstration of the fact that it was allowed to go on for so long. Ms. Clinton, including her cooperating cohorts and minions who were culpable in this mess, need to be punished in order to restore, if nothing else, trust and confidence in the just administration of the system.
I rise in full agreement, and offer my applause to your eloquence. Individuals have rights. Governments have powers. I hope that there might some in this forum who might find this explanation of the basic principle somewhat familiar: "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed..."
This appears to be the functional equivalent of a holding down the power switch, maybe a little quicker. Just what one needs. Well, probably not, but if you're that paranoid, you either have a mental condition or otherwise engage in behaviors that merit paranoia.
The sciences are harder, less subjective and more rigorous, so of course GPA's are lower. Now, lets willingly suspend disbelief and stipulate that injecting money into STEM "programs" for women and minorities substantially increases STEM graduates in the U.S. Does that mean we will be able to reduce H1B visas because the workforce size is sufficient for demand? Or, does that mean we will have more STEM degrees working at Walmart, because H1B's will still cost less than indigenous workers? By the way, I can remember living in California in the early 70's when the lottery was being passed by proposition and promise that all of it would go to education. A lot of it did, and school facilities and staff, especially auxiliary non-teaching staff, increased significantly. Student achievement measured in standardized test scores, however, improved not a whit. So it goes.
Slashdot Mirror
...and Kardashians...don't forget the Kardashians.
Let's see. What kind of group would be interested in garnering information from hackers communicating with other hackers specifically? An Agency with some some mission? A Bureau with some purpose? I wonder.
Them and the IRS...among many others.
While hard to be sympathetic given the nature of the accusation, we do need to seriously guard against a slippery slope of presuming guilt based on the mere existence of encrypted storage, or worse yet, allowing precedent for encrypted data itself evoking "probable cause" for legal search.
Well, the good news seems to be that its executables are ".exe" files. Gotta love dem Windows.
Kill it. Kill it with fire.
Thanks. I finally found an article that explains the issue with detail and clarity, without bias -- on the Reg: http://www.theregister.co.uk/2...
Yes! Look, I'm fully aware that I don't have the facts. The reporting, in fact, this article and every other press account that I've seen, is just incomplete, incoherent, and confusing. However, my assumptions based on what I think I understand from what I've gleaned from said crappy reporting is that (a) the phone's data being sought by the FBI were encrypted with a private key (in the form of the phone's password) known, presumably and reasonably, only to the dead murderer; (b) Apple doesn't have said password (its hash, maybe, for what it's worth); yet, FBI is demanding that Apple, who again doesn't have the private key, decrypt the data. Whisky Tango Foxtrot? Suppose Apply is using a known good encryption algorithm effectively implemented. Don't know what that might be, but suppose, for example, something like AES (128, 256, 1024?). Maybe Apple really can't decrypt it without the private key. If NIST isn't totally lying, AES 1024, for example, well implemented, is presumed extremely difficult to brute force (like NP Hard?). Are my assumptions off? How can the government legally compel the (near) impossible? What is the legal precedent for compelling the impossible? Can a judge order that I defy gravity, for example, and throw me in jail if I don't comply?
I may not be getting this, I admit, so this is not meant as challenging or critical, but what linux user would/might/could "accidentally" log in to a console as root, then issue an "rm -rf" command? I can see how a malware script might, given a prior enabling compromise of root, but "accidentally" doesn't compute. In my understanding, gaining root, or Windows admin, privilege pretty much allows malicious actions anywhere, so I don't get at this point why this is earth shattering.
We're talking about Apple-TV, right? So, questions: If one desires a mule to haul one's load across hilly country, buys a goat, then bitches that the goat doesn't carry that much, won't go that far, and makes obnoxious noises, who's at fault, the goat?
Astute and insightful, indeed.
Yes we have souls you insensitive dolt. If you SYN me do I not ACK?
Ummm...so "settled economics" is to policy and politics as "settled science" is to policy and politics?
Then consider the corrupting influence of such power. How would such power would play out, given the relatively mild symbiotic Union and (currently, Democratic) Party relationship that is essentially a money laundering scheme of the highest order of corruption? The result would be a cartel that would make current Chicago look like a middle school student government in comparison. “All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible.” -- FRANK HERBERT ("Heretics of Dune")
The issue is neither pro, nor anti, union. The whole H1B situation is a clear instance of raw political corruption. The real Beltway Bandits, in Congress and the Administration, are essentially selling out American workers for quid pro quo of campaign finance. Don't get me wrong. I do not blame the corporations, who are supposed to be motivated by profit, albeit bounded by laws and regulations, like this one, of society in which they operate and are themselves a part. Rather, I lay the blame squarely on a corrupt political class in Washington whose loyalties, even fundamental affinities, are increasingly distant from those whom they were chosen to represent, to a degree that many see themselves less as the citizens' representatives in a Republic, than rulers over distant subjects in Fly-Over Country.
Correct, which India will need to assess to determine a law that works for them, and I, as a business, will need to assess how my risk tolerance bears on any decision to do further business with India.
Worse yet, what happens if you're a company doing business with Indian partners or subsidiaries and want to protect trade secrets and proprietary information? I would be further discouraged from doing such future business.
The problem is that consumers who are "users" of off-the-shelf software may only "intend" that key advertised and user-visible functionality should exist in any application. Consumers, by and large, unconsciously assume that any additional and hidden functions are somehow in good-faith support of the user-visible functionality. However, those same consumers really have no knowledge or insight into any functionality of compiled code other than advertised and user-visible functions. For an application of any common complexity, invisible functionality may be a majority of the code base. So, "functions only as intended" begs the further definition, "intended by whom"? -- the user or the developer? For custom code, the developer can be held responsible contractually to deliver specific users requirements, and can be further bound to deliver no more. But, for consumers of off-the-shelf software, the user assumes the risk that the application was coded in good faith to the advertised draw that sold the software. Perhaps an "Underwriters Laboratory" type assertion that the "software functions only as advertised and no more" is needed for consumers to trust that their software is secure. Trust is achieved through visibility.
"Spillage" is the term applied to the improper movement of informations across security domains. For us Little People, spillage is likely to result in consequences to all parties involved ranging from very inconvenient to very, very, very, bad. Just receiving spillage through no fault of ones own often results, at the very least, in temporary loss of the computer as it's sanitized (or replaced), and possibly the results an investigation to resolve how it got there. Inadvertant transmission of spillage is likely to result, at the very least, in an investigation and serious administrative consequences ranging from suspension of access while an investigation completes, punitive letters of reprimand, loss of security clearance, and/or loss of job. Spillage found to be a result of negligence or culpable misconduct results in criminal charges. Every government computer has a login banner that displays the highest classification that the host computer and network are cleared to process, the government's right to continuously monitor the computer's activities, and the potential legal consequence of willful mis-use. Ignorance, given the banner and required training that must be renewed annually, is made extremely unlikely. The big question that I have is how did high security domain traffic even get to the unclassified domain servers, apparently over and over again, without some human intervention, without, essentially, mis-use? Oh well. Security rules for us Little People clearly have differed from those that apply to Party Royalty in this case, by demonstration of the fact that it was allowed to go on for so long. Ms. Clinton, including her cooperating cohorts and minions who were culpable in this mess, need to be punished in order to restore, if nothing else, trust and confidence in the just administration of the system.
"That's not how it works...that's not how any of this works!"
I rise in full agreement, and offer my applause to your eloquence. Individuals have rights. Governments have powers. I hope that there might some in this forum who might find this explanation of the basic principle somewhat familiar: "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed..."
This appears to be the functional equivalent of a holding down the power switch, maybe a little quicker. Just what one needs. Well, probably not, but if you're that paranoid, you either have a mental condition or otherwise engage in behaviors that merit paranoia.
Sirius...ly?
...and would very likely work references to "climate change" into the monolog a whole lot less.
The sciences are harder, less subjective and more rigorous, so of course GPA's are lower. Now, lets willingly suspend disbelief and stipulate that injecting money into STEM "programs" for women and minorities substantially increases STEM graduates in the U.S. Does that mean we will be able to reduce H1B visas because the workforce size is sufficient for demand? Or, does that mean we will have more STEM degrees working at Walmart, because H1B's will still cost less than indigenous workers? By the way, I can remember living in California in the early 70's when the lottery was being passed by proposition and promise that all of it would go to education. A lot of it did, and school facilities and staff, especially auxiliary non-teaching staff, increased significantly. Student achievement measured in standardized test scores, however, improved not a whit. So it goes.