"He did so by adding some code and text âoein a nonmalicious mannerâ to his evaluation document that showed that the vulnerability existed, he said. His immediate supervisor signed off on it and sent it through the system, but a more senior manager â" the man Mr. Snowden had challenged earlier â" was furious and filed a critical comment in Mr. Snowdenâ(TM)s personnel file, he said."
"But the incident, Mr. Snowden said, convinced him that trying to work through the system would only lead to punishment."
So, once again, we have a petty middle manager who can't stand uppity nerds, and if only he hadn't involved himself, this whole affair wouldn't have happened. I'm sure that that middle manager feels mighty proud of himself now.
Because a few weeks ago somebody who was simply critical of the NSA practices was actually banned entry into the US. Yeah, just let it sink in for a few minutes.
IP was standardized, right? I mean, you don't have to have clearance, or be a government rep, to visit the IETF? Well, maybe IP is a bad example as such, but nowadays, there are many networking protocols that come out of the public domain. Why couldn't it be the same for cryptography?
"If I come up with an invention, and not pay the state, or (in the EU) not pay the state before I publicize it, the state takes ownership of it (steals it)."
No, the public gets it. That is not the same. It was pre-shared, as it were.
I'm sure it was not your intention, but right now you're leaving the impression that their (the FBI's, assumed) plan actually worked. For the record: it didn't, it was discovered before it could do any damage, they made a big stink about it, and it was never tried again.
OpenVPN is not the same concept as IPsec at all - therein lies the rub. OpenVPN is a service maintaining a connection (as if it were a wire) and a virtual network device, IPsec sits in your kernel, next to your packet stack and does cryptography packet-for-packet. The differences are too great to really compare them.
Any *good* RNG will rely on machine transactions that are made on hardware (disk accesses, network packet timings, etc) that are ordinarily unpredictable but also *very* un-inspectable.
Good luck with running all those trans-atlantic cables man. Oh - you thought that they were free? Well, they're not. Telecommunications companies run them and want money for it, even if you want to 'take back the internet' from them.
I seem to remember that a discussion on whether to use the Intel RNG or not in the Linux kernel (/dev/random being horribly slow) was recently won in favor in Intel. Might this be something?
then it's nothing that PRISM won't fix. I, for one, am never going to use that product again. Which is a shame, because I really liked it (and I'm sometimes away for work and like to video-chat with my family back at home).
Corporations are not intrinsically corrupt, unless they run afoul of corruption laws, and many, many of them simply do not. The fact that thing happen inside corporations that *would* be corrupt if they happened inside the civil service (like automatically appointing the son of the boss, like having favorite suppliers), does not mean that corporations are corrupt. To them, it is perfectly legal.
Slashdot Mirror
"He did so by adding some code and text âoein a nonmalicious mannerâ to his evaluation document that showed that the vulnerability existed, he said. His immediate supervisor signed off on it and sent it through the system, but a more senior manager â" the man Mr. Snowden had challenged earlier â" was furious and filed a critical comment in Mr. Snowdenâ(TM)s personnel file, he said."
"But the incident, Mr. Snowden said, convinced him that trying to work through the system would only lead to punishment."
So, once again, we have a petty middle manager who can't stand uppity nerds, and if only he hadn't involved himself, this whole affair wouldn't have happened. I'm sure that that middle manager feels mighty proud of himself now.
Because a few weeks ago somebody who was simply critical of the NSA practices was actually banned entry into the US. Yeah, just let it sink in for a few minutes.
[wtfamireading.jpg]
You mean, like HTML?
Okay. Sure. Hadn't thought of that. I also understand that buying a DDoS is easy these days: even schoolkids do it.
What's your router's MAC address got to do with it?
Reminds me of the hippie girl picture: I never realized how cool wars where until Obama started them.
That word.. it does not mean what you think it means.
Well that's just great - let's fill up a large spaceship and send them all there, I'd say!
How about time-travel?
Cue to the NSA wanting the information in 3.. 2..
IP was standardized, right? I mean, you don't have to have clearance, or be a government rep, to visit the IETF? Well, maybe IP is a bad example as such, but nowadays, there are many networking protocols that come out of the public domain. Why couldn't it be the same for cryptography?
"If I come up with an invention, and not pay the state, or (in the EU) not pay the state before I publicize it, the state takes ownership of it (steals it)."
No, the public gets it. That is not the same. It was pre-shared, as it were.
Where in the article does it say that he declined?
Harry Potter is crap, man. I don't know why you would defend that.
Are you not confusing 'mean' and 'average'?
I'm sure it was not your intention, but right now you're leaving the impression that their (the FBI's, assumed) plan actually worked. For the record: it didn't, it was discovered before it could do any damage, they made a big stink about it, and it was never tried again.
Indeed. OpenVPN has 'null encryption'. Just authentication network traffic, or even just tunneling, serves its own purposes.
OpenVPN is not the same concept as IPsec at all - therein lies the rub. OpenVPN is a service maintaining a connection (as if it were a wire) and a virtual network device, IPsec sits in your kernel, next to your packet stack and does cryptography packet-for-packet. The differences are too great to really compare them.
Any *good* RNG will rely on machine transactions that are made on hardware (disk accesses, network packet timings, etc) that are ordinarily unpredictable but also *very* un-inspectable.
Good luck with running all those trans-atlantic cables man. Oh - you thought that they were free? Well, they're not. Telecommunications companies run them and want money for it, even if you want to 'take back the internet' from them.
I seem to remember that a discussion on whether to use the Intel RNG or not in the Linux kernel (/dev/random being horribly slow) was recently won in favor in Intel. Might this be something?
The following documents were published in 2006 by NIST that relate to IT security:
SP 800-96 PIV Card to Reader Interoperability Guidelines
SP 800-103 DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
SP 800-92 Guide to Computer Security Log Management
SP 800-89 Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-88 Guidelines for Media Sanitization
SP 800-69 Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
SP 800-18 Rev.1 Guide for Developing Security Plans for Federal Information Systems
then it's nothing that PRISM won't fix. I, for one, am never going to use that product again. Which is a shame, because I really liked it (and I'm sometimes away for work and like to video-chat with my family back at home).
Corporations are not intrinsically corrupt, unless they run afoul of corruption laws, and many, many of them simply do not. The fact that thing happen inside corporations that *would* be corrupt if they happened inside the civil service (like automatically appointing the son of the boss, like having favorite suppliers), does not mean that corporations are corrupt. To them, it is perfectly legal.