This is either bullshit, or you're doing it very, very wrong. Even assuming a dumbass flat file at 4 KB per row for 62 days, that's over a thousand rows per second.
Hiding behind orders, a badge, or a job isn't an excuse. If you do terrible shit or work for people who do terrible shit, expect retaliation. You're free to weigh said "terrible shit" however you wish. Taken to an extreme. the Nazis were everyday folk just earning a living - many probably sharing your view on the matter of the war, holocaust, etc.
This is not three-factor authentication. Username is not a factor because it is not considered secret.
A username is not a secret piece of information. A stored hash is not a secret piece of information. A password is a secret piece of information. A salt is not a secret piece of information. An RSA clock's seed is a secret piece of information, but the user doesn't know it, and it lies exposed on the validating server.
The only thing RSA clocks prevent is remote, delayed attacks. An attacker acting at the same time a user is doing shit will be able to sniff/MITM and use the output of the RSA clock just as the user would. Note that this attacker can be fully automated software that is always awake and watching the compromised boxes.
Actual two-factor security would be you going somewhere, someone verifying that you look like you and are behaving normally, and the system verifying your password/pin/etc.
How do I use my eyes to tell them I want sausage, EXTRA cheese, a shitload of garlic, mushrooms on ONLY HALF of the pizza, and for them to cook it "well done" (aka, properly)?
0: The source code for Android is not available to the end user. AOSP is not Android.
1: In 99.999999% of cases, the OS is not compiled from source by the end user.
2: In the handful of cases where the end user compiles everything from source (OS, bootloader, radios, everything), the end user won't have reviewed the source code.
3: Any phone with Google's services can be controlled by Google remotely. You can lock your phone right now and you'll be able to remote-install programs from the play store via the web. Even if you trust this encryption, it only works while your phone is encrypted. As soon as you boot your phone you'll be prompted to decrypt it and it stays decrypted until you re-encrypt it (by turning it off). If you are picked up while your phone is on, you're screwed. If you are targeted before you're picked up, they'll push malware to your phone to grab your key or otherwise disable the encryption.
4: You'll simply rot in a cell if you refuse to unlock (and decrypt) your seized device.
5: While you rot in a cell, the manufacturer is getting your phone and a national security letter instructing them to try any and all means to decrypt the device.
As far as the specific backdoors Google/Apple have implemented, I couldn't tell you, but as a person who has been paying attention for the last 15 years, I'm absolutely sure that they have them.
The separate cert store is separate from certificate pinning. Chrome has certificate pinning, and MS supports it via EMET (and pinning rules set up through EMET will work for any program that uses the OS cert store properly).
Not only that, but they fucking maintain their own DB of certs instead of relying on the OS. So I can install and trust a cert on my machine (or everyone's machine by policy) but Firefox won't fucking play by the rules. You have to find and use an obscure tool just to manage certs for Firefox. No thanks, assholes.
This is based on WebRTC which is a W3C draft that both Safari and Internet Explorer have committed to implement. There has to be a first browser to implement any proposed standard.
Not all proposed standards should be implemented. This one shouldn't, nor should the DRM one, etc.
A mile is a discreet unit equal to 5280 feet. 2000 MPH is exactly 10560000 feet per hour, regardless of how many significant figures you think "2000 MPH" has. (Hint: It has 4. Zeros are significant. If they aren't, you're not supposed to write them.) An hour is equal to 3600 seconds, regardless of whether you write it as 3.6 x 10^3 s or 3600 seconds or 1 hour or.001 khour. Or do you believe an hour is 3 kilo seconds?
Unit conversion does not involve significant figures unless the conversion factor itself is expressed to a specific significance. 15 MPH is EXACTLY 22 FPS. You do not perform truncating due to significant figures during calculations not involving other significant figures. Truncation is to be performed after all calculation.
Further, if you performed truncating due to significant figures in my calculation (2000 * 22 FPS / 15 MPH) you would end up with 2933 feet. If you wanted to claim "2000 MPH" really meant "between 2000 and 3000 MPH" then it should have been written as "2x10^3 MPH or 2 kMPH)
You cannot have Bittorrent work (distributing files to anyone who wants to get them) while blocking the bad guys from participating because the bad guys can be anyone. Alternatively, you can't have Bittorrent be efficient (fast) if you plug it full of fake data.
Bittorrent connects hosts to hosts to distribute files. these hosts don't know each other so they must communicate publicly to some degree. Anyone (including the bad guys) can and must do so for Bittorrent to work. The ONLY way to solve it is as I have stated. This is how the internet works. It's the fundamental design of the thing.
Problem is any actor with money who wants it is able to extract a more or less complete picture of activity occurring on bit torrent.
The system as it exists today is simply too open and too transparent creating a lightning rod from intelligence being wielded to justify all manner of legislative unpleasantries.
If exposure issues are not fixed in bit torrent eventually we will see legislative reality that harms everyone more than any illegal activity.
This is how the entire internet works, not just bittorrent. The only way to securely encrypt communication over the internet is end-to-end with pre-shared (SHARED OFFLINE) keys (keys, passwords, certificates, etc. all work as long as you don't use the established certificate authorities). The only way to hide your activity (as opposed to encrypting the contents) is to never use the same MAC address or connection twice.
The internet connects hosts to hosts. Every single packet touching a major ISP is logged and tracked by the government. Every single certificate authority can be leveraged against you (the government has access to their keys) making anything any cert chain involving them vulnerable to MITM.
If you want SECURE communication establish the security OFFLINE. You CANNOT trust the channel. If you want HIDDEN communication then ACTUALLY HIDE IT - don't connect from your home connection that's billed in your name, and don't rely on VPNs or proxies for anonymity - they're a speed bump at best, not even a hurdle.
I cannot form any opinions on this matter until Bennett Haselton (frequent contributor) tells me what to think.
This is either bullshit, or you're doing it very, very wrong.
Even assuming a dumbass flat file at 4 KB per row for 62 days, that's over a thousand rows per second.
Hiding behind orders, a badge, or a job isn't an excuse. If you do terrible shit or work for people who do terrible shit, expect retaliation. You're free to weigh said "terrible shit" however you wish.
Taken to an extreme. the Nazis were everyday folk just earning a living - many probably sharing your view on the matter of the war, holocaust, etc.
This is not three-factor authentication. Username is not a factor because it is not considered secret.
A username is not a secret piece of information.
A stored hash is not a secret piece of information.
A password is a secret piece of information.
A salt is not a secret piece of information.
An RSA clock's seed is a secret piece of information, but the user doesn't know it, and it lies exposed on the validating server.
The only thing RSA clocks prevent is remote, delayed attacks. An attacker acting at the same time a user is doing shit will be able to sniff/MITM and use the output of the RSA clock just as the user would. Note that this attacker can be fully automated software that is always awake and watching the compromised boxes.
Actual two-factor security would be you going somewhere, someone verifying that you look like you and are behaving normally, and the system verifying your password/pin/etc.
The only thing that works is a board with a nail in it.
How do I use my eyes to tell them I want sausage, EXTRA cheese, a shitload of garlic, mushrooms on ONLY HALF of the pizza, and for them to cook it "well done" (aka, properly)?
0: The source code for Android is not available to the end user. AOSP is not Android.
1: In 99.999999% of cases, the OS is not compiled from source by the end user.
2: In the handful of cases where the end user compiles everything from source (OS, bootloader, radios, everything), the end user won't have reviewed the source code.
3: Any phone with Google's services can be controlled by Google remotely. You can lock your phone right now and you'll be able to remote-install programs from the play store via the web. Even if you trust this encryption, it only works while your phone is encrypted. As soon as you boot your phone you'll be prompted to decrypt it and it stays decrypted until you re-encrypt it (by turning it off). If you are picked up while your phone is on, you're screwed. If you are targeted before you're picked up, they'll push malware to your phone to grab your key or otherwise disable the encryption.
4: You'll simply rot in a cell if you refuse to unlock (and decrypt) your seized device.
5: While you rot in a cell, the manufacturer is getting your phone and a national security letter instructing them to try any and all means to decrypt the device.
As far as the specific backdoors Google/Apple have implemented, I couldn't tell you, but as a person who has been paying attention for the last 15 years, I'm absolutely sure that they have them.
Of course they can. Google and Apple absolutely have ways in. Anyone believing otherwise is a fool.
Somebody downloaded Predestination over the weekend.
Encyclopedia Dramatica is the only one worth anything.
even though shitty operating systems won't fucking recognize the shitty certificate in their shitty default browsers
Install the certificate and make sure it's resolvable all the way up to a trusted root CA.
The separate cert store is separate from certificate pinning.
Chrome has certificate pinning, and MS supports it via EMET (and pinning rules set up through EMET will work for any program that uses the OS cert store properly).
Learn to read, retard. This is Firefox's shitty design. It's working as intended. It's a feature, not a bug. Etc.
Not only that, but they fucking maintain their own DB of certs instead of relying on the OS.
So I can install and trust a cert on my machine (or everyone's machine by policy) but Firefox won't fucking play by the rules.
You have to find and use an obscure tool just to manage certs for Firefox. No thanks, assholes.
This is based on WebRTC which is a W3C draft that both Safari and Internet Explorer have committed to implement. There has to be a first browser to implement any proposed standard.
Not all proposed standards should be implemented.
This one shouldn't, nor should the DRM one, etc.
Every single keystroke and mouse click is sent to Google. This includes while using the "private" modes.
Must.
Crush.
Capitalism.
http://vimeo.com/87962641
A mile is a discreet unit equal to 5280 feet. 2000 MPH is exactly 10560000 feet per hour, regardless of how many significant figures you think "2000 MPH" has. (Hint: It has 4. Zeros are significant. If they aren't, you're not supposed to write them.) An hour is equal to 3600 seconds, regardless of whether you write it as 3.6 x 10^3 s or 3600 seconds or 1 hour or .001 khour. Or do you believe an hour is 3 kilo seconds?
Unit conversion does not involve significant figures unless the conversion factor itself is expressed to a specific significance. 15 MPH is EXACTLY 22 FPS.
You do not perform truncating due to significant figures during calculations not involving other significant figures. Truncation is to be performed after all calculation.
Further, if you performed truncating due to significant figures in my calculation (2000 * 22 FPS / 15 MPH) you would end up with 2933 feet.
If you wanted to claim "2000 MPH" really meant "between 2000 and 3000 MPH" then it should have been written as "2x10^3 MPH or 2 kMPH)
You cannot have Bittorrent work (distributing files to anyone who wants to get them) while blocking the bad guys from participating because the bad guys can be anyone.
Alternatively, you can't have Bittorrent be efficient (fast) if you plug it full of fake data.
Bittorrent connects hosts to hosts to distribute files. these hosts don't know each other so they must communicate publicly to some degree. Anyone (including the bad guys) can and must do so for Bittorrent to work. The ONLY way to solve it is as I have stated. This is how the internet works. It's the fundamental design of the thing.
No one but a reporter talks about bullets in miles per hour. 2000 MPH is about 3000 feet per second.
2933 feet, 4 inches per second. Exactly. 15 MPH = 22 FPS.
Shooting first.
Problem is any actor with money who wants it is able to extract a more or less complete picture of activity occurring on bit torrent.
The system as it exists today is simply too open and too transparent creating a lightning rod from intelligence being wielded to justify all manner of legislative unpleasantries.
If exposure issues are not fixed in bit torrent eventually we will see legislative reality that harms everyone more than any illegal activity.
This is how the entire internet works, not just bittorrent.
The only way to securely encrypt communication over the internet is end-to-end with pre-shared (SHARED OFFLINE) keys (keys, passwords, certificates, etc. all work as long as you don't use the established certificate authorities).
The only way to hide your activity (as opposed to encrypting the contents) is to never use the same MAC address or connection twice.
The internet connects hosts to hosts.
Every single packet touching a major ISP is logged and tracked by the government.
Every single certificate authority can be leveraged against you (the government has access to their keys) making anything any cert chain involving them vulnerable to MITM.
If you want SECURE communication establish the security OFFLINE. You CANNOT trust the channel.
If you want HIDDEN communication then ACTUALLY HIDE IT - don't connect from your home connection that's billed in your name, and don't rely on VPNs or proxies for anonymity - they're a speed bump at best, not even a hurdle.
Girls have developed faster then boys at that age since always. It is a well known trait.
It's a popular myth.
Thus accounting for the fact that they suddenly can't hit the broadside of a barn anymore...
Only Imperial Stormtroopers are this precise.
Not canon.