Even among Republican circles I don't tend to hear Holder accused of intentionally arming cartels for their benefit-- that doesn't even make sense. Criminal incompetence / negligence? Maybe. But what purpose would he serve by giving random weapons to the cartel?
I just watched Enemy of the State and was amused to see them supposing this to be some Republican dream. Come to find out, when your platform involves the government being responsible for absolutely everything, you tend to want a lot of intel on absolutely everything. Go figure that the most liberal state would have politicians who are incredibly liberal?
If the airforce were to mobilize against a civilian population, we would have the next civil war on our hands.
How are all the disconnected angry people with guns going to rebuild a society?
We did it in the last civil war. I think it would be more than just "people" in the situation you describe. It's possible that many states (particularly mid-west and southern) might wholesale rebel if the military were mobilized and martial law declared.
I've been all over these types of threads many times, and I still don't really get what makes a food "processed", or what makes "processed" worse for you.
I mean it's a great scare-word, conjuring up images of "chemicals" (another great scare-word!), industrial equipment, and men in cleanroom suits, but does cane sugar count as "processed" (given the bleaching process)? What about cooking something, is that "processed"? Is Dannon yogurt "processed"?
I'd also note that "they" provide whatever foods are being demanded; you can hardly claim that there's no competition in the "food" industry, so if consumers didn't demand these foods no one would produce them.
what's not to like?
Well, the rampant ignorance over HFCS for one.
Given how remarkably similar HFCS is to straight up sucrose (and once your body processes it, the difference is negligible as they both become glucose / fructose mixes of almost the same ratio), it staggers belief that the problem is TYPE of sugar rather than quantity. I would argue that 40g of "sugars" per soda (that's ~1/10 lb) is the problem, not whether it's "cane" or "corn" sugar, HFCS, "processed sugar", or whatever you want to call it.
and the population eats more cheap delicious sugar-laden junk in a self-reinforcing cycle.
Clearly that's a conspiracy by Monsanto, not a choice by consumers to eat bad foods. Anything at all to shift the blame off of the individual and on to "the man", right?
Part of the process of becoming older and wiser is rejecting unrealistic idealism.
Domes are realistic. Modifying plants to cope with a basically non-existent atmosphere, frigid temperatures, and no liquid water (since water cannot exist in a liquid state at that atmospheric pressure) is not.
Forge the CA so you can forge the certificates to do a man in the middle, it's trivial. I've done it on multiple occasions at work in order to facilitate sniffing passwords to migrate users to a different new service (say from office365 to gmail without getting everyone's passwords by asking).
That is detectable unless you happen to generate the exact same thumbprint as the "true" CA. This very article is about how some folks noticed "legitimate" but unrecognized certificates in the wild.
All it takes is a quick post to a Google Groups board (as happened here), and EVERYONE now knows that a cert was possibly forged, and they can quickly get confirmation from Google as to whether the cert you were presented is a legitimate Google-issued cert.
I'm not saying it doesn't "work"; it "works" in the same vein that ARP poisoning works: You will get results, but EVERYONE will know what you are up to, and in this case it would result in the revocation or un-trusting of whatever root CA issued the phony intermediate cert.
Forge the CA, and the signing CA's thumbprint on the cert won't match. That would be sort of obvious and easy to see, sort of like how these guys are spotting this now.
It's possible this IS an NSA or whomever MITM, but I sort of doubt it precisely because of how easy to spot it is.
Plants don't generate O2 out of nothing; they need something to start with, and there isn't much there on Mars.
Here's a phase diagram of water.
http://www.phy.duke.edu/~hsg/363/table-images/water-phase-diagram.gif
The pressure on Mars is ~600 Pascals (Wikipedia). If I'm reading that chart right, you need a pressure of ~1kPa before liquid water is even possible.
What makes it not enough?
Wikipedia says that Mars' atmospheric pressure is less than 1% of Earth's. That's not a good starting point.
It helps if the planet in question has a more substantial atmosphere than
about 0.6% of Earth's mean sea level pressure of 101.3 kilopascals
if you're wanting to grow plants
He says he's encrypting everything, these days
Precisely, because encryption still works, regardless of what the media has convinced you.
He doesn't trust vpns
Please, please read the articles more carefully; you are missing what is actually being said due to the amount of hysteria that was whipped up. Here is what he actually said:
TAO also hacks into computers to recover long-term keys. So if you're running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. .....How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."....
I have five pieces of advice:...
2) Encrypt your communications. Use TLS. Use IPsec
Schneier is SPECIFICALLY recommending the use of VPN and HTTPS to protect yourself, and this recommendation was made a whopping 3 weeks ago. It would be awfully strange for a crypto expert to recommend the use of a broken technology, especially one as paranoid as Schneier. The "risk" he's identifying is that, as has ALWAYS been the case, adversaries do not attack encryption head on; they look for side-channels or ways of recovering the keys so that they do not have to brute force, and in this case the NSA apparently relies on trying to hack the endpoint and recover the VPN keys (the "shared secret" he references) for high-value targets.
He thinks RC4 has been cracked.
I don't believe he ever said that. This says "don't panic yet, but start to move away from RC4".
He is nowhere near as complacent as you are.
I'm not "complacent", I'm just not ready to buy some rubbish speculation that "all VPNs" are vulnerable even though the relevant encryption algos haven't been cracked yet and Schneier is recommending we use IPSEC (probably the most widely used VPN tech out there).
HTTPS AND SSL? My goodness, and VOIP as well!
Forgive me if I regard something so hysterical, lacking in details, and poorly informed as a reliable source. Show some evidence that it's happened, show a crypto expert (Schneier etc) who regards these claims as plausible. Right now, everything is "the media says this", when headlines and journalists are historically the WORST informed on anything more technical than a wheel.
True it never says explicitly that they have cracked all VPNs,
It doesn't even make a specific claim! What VPN type, what encryption? It again gives NO credibility that they claim to have a way of dealing with "VPN" rather than a specific encryption.
Get over it. VPNs are gone.
Such a broad claim must be met only with disbelief. What, has the NSA cracked every form of encryption, symmetric and asymmetric alike? Can they crack OpenVPN running with static 4096-bit keys? I seriously doubt it, and Snowden specifically mentioned encryption being a problem. Rein in your hysteria and focus on the real issues rather than inventing bogeymen to fight.
That would not be possible, considering no one sells graphics RAM for consumer installation.
How, exactly, are they getting Google's private keys?
Saying that the NSA has cracked - say - IPSEC encryption makes sense.
It makes grammatical sense, but not technical sense. There's no way I'm buying that they've cracked all IPSEC without some fairly good evidence.
Snowden NEVER SAID SSL WAS BROKEN.
You REALLY need to read the sources you quoted, the first one has Snowden basically saying "yes, encryption is a PITA for the NSA".
Do you require Obama's Testimony, or God's? What?
Let's just focus on actually understanding the facts we have, rather than speculating. That seems enough of a hurdle between reporters who sensationalize things they don't understand, and slashdotters who are just technical enough to know that what the NSA is doing is "bad", but not why.
For the record, the "why" is "90% of unencrypted comms are in their hands". The silver lining is that SSL traffic is very possibly not, and we have nothing ATM to suggest otherwise except for speculation and extrapolation. It's fine to say "they might have found a way", it's not fine to say "they have found a way because Snowden said so"-- because he didn't.
"RSA encryption" isn't based on ANY particular RNG (that's down to a case-by-case basis), and the RNG in question was used by "RSA-the-company", not "RSA-the-algorithm".
And YOU don't understand what would happen if "the man" in the middle has access to the certificates, either the masters or the actual certificates themselves.
Wow what a great idea! One problem, where is "the man" getting the private keys which are required to decrypt any communications using those certificates? Keeping in mind of course that not even Network Solutions or whoever your CA is ever sees that key.
It's almost as if you have no idea how SSL or PKI in general works.
http://en.wikipedia.org/wiki/Certificate_signing_request#Procedure
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret.
No one can copy a certificate without that private key, which is never disclosed to ANYONE-- not even the signing CA.
Why would it surface? They do not need to fake anything if they have all the keys incl. private keys.
THEY DON'T HAVE the private keys. NO ONE has the private keys except for the individual or company who initiated the certificate request. You create a CSR and a private key, you send the CSR to GoDaddy, they provide you with a signed public cert.
The ONLY way for them to intercept SSL is to create their own certificate for google.com and sign it with their own root cert. When they do that, and you go to google, you can EASILY verify who signed the cert, and if it's the DoD you can just rip that root CA out of your list. Problem solved, and no one will ever trust DoD root certs again.
People need to stop talking about SSL when they don't understand it-- it's seriously annoying that people seem to assume that they understand cryptography better than the folks who set the system up, when they haven't even bothered to research how it works.
What you describe with SSL has been known for YEARS, and the really great thing is, the first time a spoofed Google cert is discovered (trivial because when you inspect the SSL cert it will show a funky root CA), the signing CA can be immediately blacklisted by the major browsers.
You can MITM SSL, sure, and you will immediately lose your ability to do so once discovered.
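The CSR flow and the issuer check described in the comments above, as an added example that is not part of the original thread: a CA signs a leaf from a CSR alone, and a leaf for the same hostname issued by a same-named CA that is not in the client's trust store fails verification and carries a different CA thumbprint. The hostname, CA name and helper functions are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on any error from the crypto calls below.
func must[T any](v T, err error) T {
	if err != nil { panic(err) }
	return v
}

// newCA builds a self-signed test root (constructed for this example).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// newCSR makes a key pair and returns only the CSR; the private key stays here.
func newCSR(host string) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	return must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}, key))
}

// issue signs a leaf from a CSR; the CA never handles the applicant's private key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte) *x509.Certificate {
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil { panic(err) }
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject,
		DNSNames: csr.DNSNames, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der := must(x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey))
	return must(x509.ParseCertificate(der))
}

// scenario reports: leaf from the trusted root verifies, leaf from a
// same-named but unrecognized CA is rejected, and the two CA thumbprints differ.
func scenario() (accepted, rejected, differ bool) {
	const host = "www.example.test"
	trusted, trustedKey := newCA("Example Root CA")
	lookalike, lookalikeKey := newCA("Example Root CA") // same name, different key
	roots := x509.NewCertPool()
	roots.AddCert(trusted) // the client's trust store holds only this root
	good := issue(trusted, trustedKey, newCSR(host))
	bad := issue(lookalike, lookalikeKey, newCSR(host)) // interceptor's own key pair
	opts := x509.VerifyOptions{Roots: roots, DNSName: host}
	_, errGood := good.Verify(opts)
	_, errBad := bad.Verify(opts)
	return errGood == nil, errBad != nil, sha256.Sum256(trusted.Raw) != sha256.Sum256(lookalike.Raw)
}

func main() {
	accepted, rejected, differ := scenario()
	fmt.Printf("accepted=%v rejected=%v thumbprints differ=%v\n", accepted, rejected, differ)
}
```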
Dual EC DRBG has been recognized as problematic basically since its inception, as a simple Google search reveals, and RSA is basically the only one that jumped on that bandwagon.
You actually have no idea what the web is about, do you?
Here's a hint: practically free self publication to an entire world with no effort. That part hasn't changed, and is easier than ever. Have Windows? 3 button clicks, and you have IIS up and ready to go. Have Linux? One or two commands and you have a LAMP stack ready to go.
What you're lamenting is apparently that a few freebies are being retracted because people are figuring out that giving randoms a soapbox on your site doesn't improve the quality of your site.
If driving a sports car were illegal then maybe you'd have a point.