Slashdot Mirror


User: Burz

Burz's activity in the archive.

Stories: 0
Comments: 3,080

Comments · 3,080

  1. Can't wait to try this on Qubes on Ubuntu Gets Container-Friendly "Snappy" Core · · Score: 1

    Because you don't look to containers for security.

  2. Ice Bear storage already available on Why Elon Musk's Batteries Frighten Electric Companies · · Score: 1

    Ice Bears store energy as ice reserves for later air conditioning use when the sun goes down. This sounds like it would fit best in a sunny but humid climate where nighttime cooling needs are greatest.
    http://www.ice-energy.com/

  3. I dub thee 'Ministry Of Privacy' on DOJ Launches New Cybercrime Unit, Claims Privacy Top Priority · · Score: 1

    ...in the Orwellian tradition.

  4. Demote 99% of the vulnerabilities on The People Who Are Branding Vulnerabilities · · Score: 1

    Keep all the complex interfaces and code if you need them, but put them behind a very small paravirtualization codebase ingrained into the OS which keeps them isolated -- from the core system, and from each other. Really, even your devices like USB controllers and NICs can be treated as untrusted in this way if you have an IOMMU. And you can have it in a normal desktop GUI.

    Kernel-implemented security is a failure; it's ridiculous to go through continued years & decades of pain by relying on it and worrying about breakouts from its weak sandboxing tactics.

  5. Re:Replace Cisco, and Akamai and then maybe.. on Launching 2015: a New Certificate Authority To Encrypt the Entire Web · · Score: 1

    "Lawful intercept" has entered the business models of Verisign and CISCO. I would not trust CISCO... http://www.forbes.com/2010/02/...

    Not even an inch... http://arstechnica.com/tech-po...

    Proper security on a network is properly done at the endpoints. It doesn't belong anywhere else.

    What is Mozilla thinking?? They could help fund Convergence.io. They could implement clever ways to get it to ride on existing social networks. They could look at network privacy layers that use public keys as addresses. There are options for improving privacy that don't involve elevating the PKI clusterf*ck any further.

  6. Re:Immune system for operating systems? on Open Source Self-Healing Software For Virtual Machines · · Score: 1

    This is the one thing QubesOS could use to improve its security-by-isolation approach: Detection and repair in VMs. Even if you assume the hypervisor stays safe (and therefore, your trusted VMs stay safe), you're still relying on VMs to get everything done and the VMs doing the risky tasks are vulnerable to attack. It would be nice if those less-trusted VMs could get automatically restored after a successful attack.

  7. Re:Woo-hoo! on HBO Developing Asimov's Foundation Series As TV Show · · Score: 1

    Now I don't have to read the books.

    Turn in your /. memberships! The both of you!

  8. Re:Yes! on HBO Developing Asimov's Foundation Series As TV Show · · Score: 2

    No that would be Gladia Solaria in The Naked Sun and Robots Of Dawn.

  9. Re:Don't totally agree on Mayday PAC Goes 2 For 8 · · Score: 1

    Then write someone else in... Anyone else who would make a statement.

  10. Come on over to I2P on Tor Project Mulls How Feds Took Down Hidden Websites · · Score: 3, Informative

    There are no privileged routers (or 'guard' nodes) on I2P, and from the perspective of "relays" I2P has many times the number Tor has.

    It's way better than Tor when you're looking mainly to communicate with other anon sites/users. Comes with bittorrent and an option for decentralized (serverless) securemail.

  11. Re:Don't totally agree on Mayday PAC Goes 2 For 8 · · Score: 2

    It's dumbasses like you who think "As long as you are voting for the lesser of two evils you are making a difference"

    There is such a thing as a protest vote, "dumbass".

    Showing up to vote is critically important. At the very least it ensures the authorities will have to do the dirty, dirty work of physically turning people away if they have been purged from the rolls.

  12. Re:Unfortunate, but not surprising on Joey Hess Resigns From Debian · · Score: 1

    I see... No 'large infrastructure' projects within the hive.

    Read these Linus quotes: http://linux.slashdot.org/stor...

    He is absolutely correct.

  13. Re:Unfortunate, but not surprising on Joey Hess Resigns From Debian · · Score: 1, Insightful

    As a (primarily desktop) Linux user since 1998, the unfolding of this debacle is starting to look like an example of why Linux distros in general lack appeal in the desktop space. Desktop/laptop users can't 'make do' with server architecture; there isn't enough vertical integration of the powerful features we need. When layers represented by systemd and wayland must be considered swappable, the more talented users turn off to the possibility of building stable user-facing applications on that platform.

    One bit of advice is, don't be such prima donnas. Like the laptop users, you'll have to explain to the world which workflows and features are getting broken by these recent changes. OTOH, if all that's getting 'broken' is your philosophy then you might want to take a step back and consider that a better (if larger) one may have replaced it.

  14. Re:I don't get it. on EFF Begins a Campaign For Secure and Usable Cryptography · · Score: 1

    An answer a couple of replies down... http://it.slashdot.org/comment...

  15. Re:Would love to see how I2P-Bote fares. on EFF Begins a Campaign For Secure and Usable Cryptography · · Score: 3, Informative

    Thus, any packet sniffer out there (be it by a credit card thief, the NSA - who may also be credit card thieves, or anyone else) can't look for context to decide what packets to grab. There is no context.

    Actually, there is the very important context of who is transmitting to whom, and when, which IPSec is giving away. Each user, therefore, might as well be the subject of a pen register.

    With I2P, all they see is a stream of encrypted packets to random points and even the 'when' is obscured (I2P users onion-route traffic for other users by default and expectation, so you can think of this protocol as marrying ideas from IPSec, Tor and Bittorrent).

    That means having to decrypt absolutely everything, including DNS lookups...

    Speaking of DNS lookups: Why make your addressing dependent on a centralized, establishment-controlled scheme? If PKI can be subverted to let them eavesdrop, then IP addresses and DNS certainly can be as well. Addresses that operate like public keys are much better.

    It's already there on your TAILS disc... try it out. ;)

  16. Re:Would love to see how I2P-Bote fares. on EFF Begins a Campaign For Secure and Usable Cryptography · · Score: 2

    It's also worth noting that the I2P layer under I2P-Bote is general purpose: You can browse and even torrent with it, anonymously and securely.

    Why make the focus so piecemeal??? We have experts going around saying the answer to mass surveillance is to make application-level crypto ubiquitous. I'm sorry, but that sounds like an unnecessary hassle that begs people to "just turn the crypto thingie off". It's better to have one tool that can provide security and anonymity for a large array of applications.

    I respect the EFF's work, but I think their technical vision is very tiny and may meet up with the blind alley it deserves.

  17. Would love to see how I2P-Bote fares. on EFF Begins a Campaign For Secure and Usable Cryptography · · Score: 1

    "I2P-Bote is an I2P plugin, fully decentralized and distributed email system.[18] It supports different identities and does not expose email headers. Currently (2014), it is still in beta version and can only be accessed via its web application interface, but POP [also IMAP] support is planned. All bote-mails are transparently end-to-end encrypted and, optionally, signed by the sender's private key, thus removing the need for PGP or other privacy software. I2P-Bote offers additional anonymity by allowing for the use of mail relays with variable length delays. As it is decentralized, there is no email server that could link different email identities as communicating with each other..."
    https://en.wikipedia.org/wiki/...
    https://thetinhat.com/tutorial...

  18. Re:Engine vibration? on SpaceShipTwo's Rocket Engine Did Not Cause Fatal Crash · · Score: 1

    Let's see what a few seconds on Google can find us:

    http://www.parabolicarc.com/20...

    "The vibrations and oscillations in the version they used for the first three test flights would have torn the ship apart well if it had been fired for anywhere near full duration of about a minute."

    It refers to a Times article which is behind their paywall, so I can't read it.

    http://en.wikipedia.org/wiki/N...

    "There have also been accidents where nitrous oxide decomposition in plumbing has led to the explosion of large tanks."

    Weren't the engineers killed in the accident while developing the Spaceship Two engine killed by an exploding NOX tank? I couldn't find the details.

    Yes, and VG ignored warnings from an outside propulsion expert: http://slashdot.org/submission...

  19. Re: on Boo! The House Majority PAC Is Watching You · · Score: 1

    Should say 'Your Neighbors Will Know If You Don’t Vote Republican' but /. accepts more chars in subject input then chops the end off.

  20. GOP: 'Your Neighbors Know If You Don’t Vote on Boo! The House Majority PAC Is Watching You · · Score: 1

    http://thinkprogress.org/elect...

    The ad is a variation of a GOTV (Get Out The Vote) strategy called “vote shaming.” The tactic is employed by liberals and conservatives to use social psychology to increase the chances that people vote. In every state but Virginia, whether or not you participated in an election is public. “[I]f you publicize something, it has a very powerful effect on behavior,” Chris Larimer, an Iowa political scientist, told USA Today in 2012.

    The Facebook ads at issue go beyond traditional “vote shaming” by strongly implying that their ballot will not be secret. Two Facebook users who posted screenshots of the ad on social media confirmed to ThinkProgress that they had seen the ads on their Facebook newsfeed.

  21. Re:Wonder if a chaff approach would help on Verizon Injects Unique IDs Into HTTP Traffic · · Score: 2

    No, not this plan! Since the modified tag is only transmitted from Verizon to advertising sites, Verizon could very easily just strip out all X-UIDH headers coming from you before adding their own.

  22. Re:HTTPS Everywhere on Verizon Injects Unique IDs Into HTTP Traffic · · Score: 1

    Then you may like this... http://www.qubes-os.org/

  23. Re:HTTPS Everywhere on Verizon Injects Unique IDs Into HTTP Traffic · · Score: 1

    Any idea why they do this? Of all the sites not to https...

    CPU load. SSL/TLS greatly increases CPU demands on the server(s). For a high-traffic site that costs real money.

    This is 2014 not 2004; most servers have CPUs with built-in AES acceleration. Unless the site gets lots of very short-term use from many different users, the impact of server load should be negligible because most of the crypto will be AES and not the initial public key stuff.

  24. Re:Of course, that recommendation is BS... on Researcher Finds Tor Exit Node Adding Malware To Downloads · · Score: 1

    The only thing that really works is verifying PGP signatures. SSL is broken and the Tor node may well have legitimate certificates at its disposal.

    Actually, it's HTTPS and its use of PKI (many unaccountable CAs) that is broken.

  25. Re:So if TOR nodes can easily do it on Researcher Finds Tor Exit Node Adding Malware To Downloads · · Score: 0

    Who's to say that your friendly ISP or government agency isn't doing the same? Or even better yet, how about for OS updates.

    Your OS should already check binaries before installation; this is done with digital signatures (i.e. GPG and such) so HTTPS isn't required for protection.

    The threat TFA is about is when the user/admin uses an installation method that circumvents or ignores the signature check.

    In the Linux realm most popular distros are reasonably secure, but I noticed that Fedora's signature regime is incomplete and so is open to a MITM attack where any number of packages can be selectively prevented from receiving security updates.

    OSX and Windows give the appearance of doing proper signature checks, including when you double-click an installer from the desktop. But they use a PKI model that leaves me wondering just who is vouching for the signatures.
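The comment above describes two different checks: signing each binary (which catches tampering) and signing the repository index itself (which catches an on-path attacker that quietly withholds the updates for selected packages, the "incomplete signature regime" problem). The Go program below is an added illustration of the second check; it is not Burz's code, nor any distribution's actual tooling, and the index format, field names and the Ed25519 key it generates are all assumptions of the example. The client accepts an index only if the signature verifies over the exact bytes received, the index has not expired, and its counter has not gone backwards, so serving a stale copy of the index (even a genuinely signed one) fails instead of silently freezing the client on old package versions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Snapshot is the repository index a client fetches before installing
// anything (format assumed for this example): every package with its
// current version, a counter that only ever increases, and an expiry.
// The signature covers all three, so an on-path attacker can neither
// drop one package's update (the bytes would no longer match the
// signature) nor replay an old index forever (it expires, and its
// counter is lower than the one the client already accepted).
type Snapshot struct {
	Counter  int               `json:"counter"`
	Expires  time.Time         `json:"expires"`
	Packages map[string]string `json:"packages"` // package name -> version
}

// SignedSnapshot is the wire form: the exact bytes that were signed plus
// the detached signature. The client verifies the bytes it received, not
// a re-serialisation of them.
type SignedSnapshot struct {
	Payload   []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("snapshot: signature does not verify")
	ErrExpired      = errors.New("snapshot: index has expired (stale or replayed)")
	ErrRollback     = errors.New("snapshot: index counter went backwards")
)

// SignSnapshot is the repository side: serialise the index and sign it.
func SignSnapshot(priv ed25519.PrivateKey, s Snapshot) (SignedSnapshot, error) {
	payload, err := json.Marshal(s)
	if err != nil {
		return SignedSnapshot{}, err
	}
	return SignedSnapshot{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifySnapshot is the client side. now is the client's clock and
// lastCounter is the counter of the last index it accepted (0 if none).
// Signature first, then freshness, then rollback: nothing is parsed or
// trusted until the signature has been checked.
func VerifySnapshot(pub ed25519.PublicKey, ss SignedSnapshot, now time.Time, lastCounter int) (Snapshot, error) {
	if !ed25519.Verify(pub, ss.Payload, ss.Signature) {
		return Snapshot{}, ErrBadSignature
	}
	var s Snapshot
	if err := json.Unmarshal(ss.Payload, &s); err != nil {
		return Snapshot{}, err
	}
	if !now.Before(s.Expires) {
		return Snapshot{}, ErrExpired
	}
	if s.Counter < lastCounter {
		return Snapshot{}, ErrRollback
	}
	return s, nil
}

func main() {
	// Constructed demo: one repository key, two successive indexes.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now().UTC()
	old := Snapshot{Counter: 1, Expires: now.Add(24 * time.Hour), Packages: map[string]string{"examplepkg": "1.2.3"}}
	cur := Snapshot{Counter: 2, Expires: now.Add(24 * time.Hour), Packages: map[string]string{"examplepkg": "1.2.4"}}
	signedOld, _ := SignSnapshot(priv, old)
	signedCur, _ := SignSnapshot(priv, cur)

	accepted, err := VerifySnapshot(pub, signedCur, now, 1)
	fmt.Println("current index:", accepted.Packages, err)

	// A middlebox re-serving the older, still validly signed index is
	// rejected because the client remembers counter 2.
	_, err = VerifySnapshot(pub, signedOld, now, accepted.Counter)
	fmt.Println("replayed old index:", err)

	// The same old index presented after its expiry is rejected too.
	_, err = VerifySnapshot(pub, signedOld, now.Add(48*time.Hour), 0)
	fmt.Println("expired index:", err)
}
```

The counter and expiry are what turn a plain signature check into a defence against selective withholding: without them a signed index is still a valid signed index days later, so an attacker can keep handing out the copy that predates a security fix.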