> The main problem for me is all recruitment agents demand resumes in MS Word
> format. While this is ridiculous and I'm sure PDF would be fine for them,
> they don't budge.
Don't know where you are but when I last job-hunted, I saw only a handful of
agencies with such silly requirements. And guess what...I still sent it as PDF
(my resume is a simple Text file...only cut/pasted into OOo and saved as PDF so
it really presented as intended). For all I care they can demand whatever they
want. In the end, if they decide to ditch my application it's a loss of
potential placement commission for them. Simple economics at work. Have found
good jobs regardless because what matters is what you can do and your
experiences doing that.
If I were in charge at a company and found out that my HR department limits the
application pool based on file formats, I'd fire every one of them.
> The current generation probably doesn't even know who David Hasselhoff is.
The current David Hasselhoff probably doesn't even know who David Hasselhoff is.
TFIFY!
Well, we could always use the data gathered by the Windows Update Tool and get real and precise data of installed packages...
> means I can take my entire music collection wherever I go. 1.5TB, ripped to flac
Good thing, you didn't rip it into OGG... :-/
> my girlfriend is 16 years younger and can hardly understand a word I say
Well, you could try using your dentals once in a while... :-P
If anonymity is outlawed, only outlaws will have anonymity...
> How do you say "the Party is always right" in Chinese?
One shot with an AK-47. For extra persuasion to the back of the head.
> The Sukhoi PAK FA... NATO reporting name: Firefox
Well, if it's in use and then keeps crashing a lot into electrical switch stations and the like, they might rename it to Internet Explorer. :-)
Actually it's been flying for over three years but nobody ever saw it. The plane from the photo is, well, just a carefully chosen look-as-if prop to mislead the world.
There IS, however, a way to see the real plane too, but it involves filtering out the light-/infrared- and radar-blocking emanations this plane sends out. Would love to give you more details on constructing an easy home-made device utilizing commonly available kitchen supplies but I am already late for my Doctor's appointment. And last time the session was too short to present the compelling evidence I have gathered, that this plane does keep hovering right over my trailer... o_O
Thanks for the listing. The what you called 'fake shutdown' is actually what got me asking. Had it turned off...so I thought...but the next morning the alarm started squeaking, leaving me somewhat bewildered. For all intents and purposes it did look as if OFF, when perhaps all it did was shut down the display.
Konjeschno!
> I happen to work as a security firmware developer for a major phone manufacturer
Perhaps you can answer me a question:
If a phone is turned OFF (as in hitting the big button on top) can it still be called and used against you as a roving bug? What about location tracking?
> But really... if you can't trust the computer with your GPG key, do
> you REALLY want to be logging into a sensitive website using the
> same computer?
> (We really need an open hardware solution like a credit card sized
> calculator where you type in a 4 digit challenge and get back an 8
> digit response that you have to key in. Combined with passwords it
> would be "good enough" and a big step up from today's systems.)
So why not go the easy and direct route: Instead of putzing around
with passwords the user on registration gets asked to upload his
public GPG key. On each subsequent login the site sends an encrypted
challenge that gets decrypted with the secret key (obviously). A
signed (and optionally encrypted) response gets sent back and
voila...login succeeded. I can't believe we reinvent the wheel 20
times over and still have no single sign-on (via your GPG passphrase)
even though we got all the tools.
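
The challenge-response login discussed in the comment above, as an added example that is not part of the original thread: it implements the quoted pocket-token variant (4-digit challenge, 8-digit response) with an HMAC shared secret, and the GPG variant would replace the HMAC comparison with verifying a signature against the uploaded public key. The names `LoginServer`, `token_response` and the 60-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


def token_response(secret, challenge):
    """What the handheld token computes: 4-digit challenge -> 8-digit response."""
    digest = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # HOTP-style dynamic truncation (RFC 4226)
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10**8:08d}"


class LoginServer:
    """Hypothetical server side: issues fresh challenges and checks responses."""

    def __init__(self):
        self.secrets = {}  # user -> secret shared with that user's token
        self.pending = {}  # user -> (challenge, time issued)

    def enroll(self, user):
        self.secrets[user] = secrets.token_bytes(32)
        return self.secrets[user]  # provisioned into the token once

    def issue_challenge(self, user, now=None):
        challenge = f"{secrets.randbelow(10**4):04d}"
        self.pending[user] = (challenge, time.time() if now is None else now)
        return challenge

    def verify(self, user, response, now=None):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same challenge.
        entry = self.pending.pop(user, None)
        if entry is None or user not in self.secrets:
            return False
        challenge, issued = entry
        now = time.time() if now is None else now
        if now - issued > CHALLENGE_TTL:
            return False  # stale challenge
        expected = token_response(self.secrets[user], challenge)
        # Constant-time comparison avoids leaking matching digits via timing.
        return hmac.compare_digest(expected.encode(), response.encode())
```
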
the victims of this heinous crime? If I was a lawyer I'd insist on testimony from them!
Anything out there and any experience with it? Not sure if you can ZRTP with video conferencing as well (it being geared towards VOIP).
Appreciate your explanation, chill. Thanks!
The first part I don't quite accept as it is a mere attempt at rationalization (IMHO).
The second part, however, I can relate to. Interesting. The question arises, of course, ... now that you have all that inside knowledge what do you do with it?
> Still, if you think anything you send via email unencrypted
> anywhere in the Western world is safe from the US government (and,
> by extension, any government able to penetrate the US government),
> you're dreaming.
Agree with you, but the problem is, that the compromised security or
privacy is not visible to the end-user. It therefore has, among most
people, the same amount of threat as getting poked in the rear by a
unicorn. Hence the vast majority does not engage in protective
measures, such as using end-to-end encryption. By deciding such, they
further force those, that would use protected communications to also
remain in the clear and in the open. I have yet to come across a way
to present the very real threats as, well, very real threats.
Suggestions anyone?
> I spent 2 years helping implement CALEA for Sprint/Nextel and
> was the point person for much of the integration.
Thanks for the info, chill. Say, how do you sleep at night knowing you're part of the problem...as in destroying everything this country once stood for?
> The FBI doesn't like letting the target of their investigations
> know they've been snooped upon... and the service provider is glad
> to not tell you they've violated their own privacy policy by giving
> out info without the proof that they're being legally obligated to
> do so.
Great point. In fact, most contracts with telcos have in some form
or another this (paraphrased): "We won't share your information with
any third parties unless LEGALLY REQUIRED to do so by law enforcement
etc.".
There's a very easy solution to this: If it does get out, that a
customer has had his/her records transferred to the FBI via Post-It
request (hardly 'legally required'), s/he'll have to sue the crap out
of the offending telco for BREACH OF CONTRACT. If enough people do
this and most likely win, the telcos will be a lot more careful in
the future about stuff like that.
In Soviet Russia, KGB gets your phone records.
Congrats, USA! Well-done.
> Encryption, and security in general has no ROI
Unless you're Airbus who lost a $6 billion contract due to snooping of their communications or any number of companies, known and unknown, who had their product data leeched off the ether in some fashion.
> Key management becomes impossible past more than a couple of keys
> and the whole process is just incredibly tedious.
What part of it do you find difficult? (honest question...trying to understand)
> When we realized that nothing we were saying mattered to anyone
> interesting (pick a 3 letter acronym), we stopped bothering.
Out of interest...how did you 'realize'?
> And for 99% of my communications, I don't care if someone listens.
> There really isn't anything of any importance -- which is why no
> one's listening. It simply has no value to them at that capacity.
Nice attempt at rationalization. Fact is, that you DO NOT decide
what's valuable to someone else nor whether somebody will be
listening.
> tell them that their e-mail can be read by anyone, anywhere, anytime.
> Guarantee their reaction will be more of shock than of understanding.
Actually it'll be denial: "I don't care if anyone reads what I write". Which, of course, is bullshit.