What % of control do you think regular banking systems have and how much is required to manipulate that?
It could be, but it isn't if you want to use the LED as a flashlight without the camera being on. I'd prefer them to be separate with a physical shutter, personally, but then again I have brain damage.
Uh, the LED would be there as a *security* feature, not sneaking in as a friggin' flashlight. Who would want such a bright status light anyway?
Shutters don't stop microphones from listening. Even on cameras, they can't inform you that something is not acting as it should. Finally, they add bulk and breakable moving parts to the device.
Given that the NSA (and doubtless others) intercepts packages, how the hell do you obtain one of these without the real risk of it being tampered with before the sacred unboxing?
Attend conferences where blackphone are showing up. Buy direct (or, if they don't have blackphones on them then pester them about it).
Why is that such a big deal? People already install apps and buy gadgets so they can interact with people they know in a specific digital domain.
And I'm sure the blackphone will tell you when the party on the other end is using secure protocols.
You would probably want I2P instead of Tor (which was built only for browsing over TCP). I2P handles UDP-like traffic just fine, and is more resistant to compromise because it's designed to safely distribute re/routing among all users. It's also pretty easy to adjust the number of relay hops, like trading anonymity/latency on a sliding scale.
I'm amazed at how consistently /.ers assume that a LED would not be hardwired to the component it monitors. It's like a form of brain damage.
Just to clarify: Hardwire LEDs to the mic and camera. Leaving the LED activation to firmware is asking for an exploit.
These are good ideas. However they are kind of obvious and their total absence on phones and PCs shows that major IT vendors don't have designers involved in security at all. That vacuum and lack of involvement is astonishing.
BTW, if you want some of those other features in a PC, check out Qubes OS. It's a Xen-based desktop with great virtualization and boot protection features; it's (much) more secure than other VM environments and will even automatically isolate vulnerable hardware like network cards from the core OS.
Here is what I need: Replaygain, Crossfade, Stability. Preferably it will also be in a major distro repository so it's signed and reasonably safe to install.
Amarok 1.4 had all of those things, yet there is no mention of them on the nightingale features page (which is a pathetic run-on about frameworks and such).
Still sticking with iTunes for now.
I can think of only one good way to deal with this:
Demarcate systems and LANs as either Internetworked or Isolated, then require that all projects declare whether or not they need the Internet. Finally, assign extra administrative costs to the internetworked systems.
Even though the isolated systems still need security updates, having a clear demarcation for them takes you away from the mayhem created by the vendor's update schedules. Work on your own schedule when updating these systems and remove the headaches for you and your internal clients.
The thing you're missing here is that new miners will naturally join the next-largest pool, which will then threaten Ghash's position as the pool with the best mining odds.
Then something like corporate politics will take over... if not at Ghash then Ghash will eventually become unprofitable and fail, and their nearest competitor will avoid the decision that Ghash made.
IOW, "if we don't do it, somebody else will so it might as well be us 'cuz we're a bunch of great guys". The common rationalization of an unregulated market.
Uh, does the underlying Bitcoin format and protocol make this P2P arrangement necessary to mine any new coins? Can it be fundamentally changed to do so? No?
I suspect the good journalists at Bitcoin Mag have enjoyed one too many bongs this week, and had a sudden vision of people working against their own self-interest.
The formation of mining cartels is strongly encouraged by Bitcoin's internal structure.
Libertarian currency in "falls into monopoly" shock.
In almost no time flat, I might add. You'd think it would take at least a decade... slow enough to maintain a little bit of self-respect in the minds of its purveyors.
Still, I think "monopoly" is being too harsh. It's more like a cartel formed by the ghosts of koolaid drinkers from Jonestown.
I have been waiting for such an announcement from a mining pool... actually for years now.
What percentage of banks had to work together to manipulate LIBOR?
I don't know, but it's probably much larger than the percentage of banks required to allocate 51% of computing resources for Bitcoin.
Even if it's significantly larger, such a goal is still easily within reach of the Finance sector or any cartel therein. The Bitcoin concept of trust only works if smallholders are forced to get mining hardware and contribute to mining; this keeps establishment players and their politics from taking hold over the currency and manipulating it.
Good luck with that.
They have stated to trade groups that they intend to drive increased consumption even if consumers don't need or want their products. IIRC, in one of their commercials they even accost a disinterested PC user and get her to buy a new laptop based on a bunch of new buzzwords that sound cool. The subtext was: You're an idiot living in a bubble if you're satisfied with the stuff we made for you just a few years ago.
Intel and Apple today represent a nexus of the aggressive consumption mindset. It's not working out for Intel on the Windows side, but Apple's new policy of quickly obsoleting Macs has indeed led to a big increase in sales... so you can really see the racket at work where these two companies overlap. It's too bad that as Apple's customers become poorer, they will have to either stop using Macs or curtail their Mac-related purchases. I have stopped recommending them to people.
This looks like a great product; been following it for a while now. I would pay a premium to have a US version of Fairphone, though I guess that would hurt its re-usability quotient.
Through exploiting Xorg then it can likely exploit more *important* things like credit card numbers, bank account information, and so on and so forth. The likelihood is very high that the exploited X server is going to host an input of some great importance.
I think having a few separate user domains labelled "banking" and such is all most people need to greatly reduce their risk from remote attacks, even though it takes just seconds to create new domains already populated with an OS.
As for the implication of getting attacked while accessing your banking sites, well...
If the user is very fastidious in sorting every single little thing into distinct AppVMs, then the attack surface can be meaningfully reduced. However such a fastidious user is unlikely to do activities that would cause bitmap fonts to be read in from an untrusted source.
Qubes OS is a fascinating tool to help the careful be more effective in their effort, but the practical reality is that the people most afflicted by these attacks would not create a more secure environment in Qubes than a normal environment.
I disagree completely. Even just separating banking/finance from everything else would make a big difference. There is no need to consider the strawman case of every single thing being siloed; it is similar to the argument against taking privacy measures because no one can be absolutely private.
And data separation is not the only point of Qubes: After a system has been compromised, there is far less chance under Qubes that the PC has been subverted in some fundamental way... you at least have the means to remove the malware without facing a spoiled bootloader, kernel or BIOS.
Keeping exploits unprivileged is still a very big deal, though separating unprivileged domains certainly adds to that value. To say "only for fastidious people" as a caveat is disingenuous snobbery... there's no reason to believe an average user could not understand and use Qubes' window-framed domains to enhance their security. That leaves user motivation as a possible barrier, and I think the correct approach is to match the public's concern over cybercrime and spying with a system that makes security-by-isolation easy to identify and use.
Incorrect. An exploited Qubes X11 has control over only the apps and data assigned to the exploited Xen domain; it would remain blocked from any baremetal administrative functions.
An exploited baremetal Linux/X11 has control over user I/O for everything done by the exploited user, so they are SOL as soon as they try to perform a system-wide admin function.
Keeping sensitive data under different user accounts would provide virtually no protection for threat models that apply to typical desktops.
It's how the user communicates with and controls the system, so in a sense it doesn't matter if X is 'unprivileged'.
I'm tempted but the carbon footprint of the resulting 0wnage would probably be too great.
It was designed assuming X11 (and Linux itself) had big security holes to begin with.
In fact, after acclimating to the Qubes desktop architecture the whole monolithic kernel + X server arrangement looks like a raft full of holes waiting to be exploited. Both the X11 layer *and* the Linux kernel need to be demoted to providing features only, not relied upon for overall system security.
A really good read... http://www.alternet.org/story/141819/is_the_u.s._on_the_brink_of_fascism
The "Tea Party" has been a corporatist project since 2002.
There is a reason why they were sudden mass media darlings right after the 2008 crash; they have the capital-friendly narrative that corporations want grandfathered into a political 'renewal' should one become necessary. The saddest part is they can't even pay enough people to show up at their low-turnout protests.
Here is an enlightening comparison of fascist history with more recent developments:
The third stage: being there
All through the Bush years, progressive right-wing watchers refused to call it "fascism" because, though we kept looking, we never saw clear signs of a deliberate, committed institutional partnership forming between America's conservative elites and its emerging homegrown brownshirt horde. We caught tantalizing signs of brief flirtations -- passing political alliances, money passing hands, far-right moonbat talking points flying out of the mouths of "mainstream" conservative leaders. But it was all circumstantial, and fairly transitory. The two sides kept a discreet distance from each other, at least in public. What went on behind closed doors, we could only guess. They certainly didn't act like a married couple.
Now, the guessing game is over. We know beyond doubt that the Teabag movement was created out of whole cloth by astroturf groups like Dick Armey's FreedomWorks and Tim Phillips' Americans for Prosperity, with massive media help from FOX News. We see the Birther fracas -- the kind of urban myth-making that should have never made it out of the pages of the National Enquirer -- being openly ratified by Congressional Republicans. We've seen Armey's own professionally-produced field manual that carefully instructs conservative goon squads in the fine art of disrupting the democratic governing process -- and the film of public officials being terrorized and threatened to the point where some of them required armed escorts to leave the building. We've seen Republican House Minority Leader John Boehner applauding and promoting a video of the disruptions and looking forward to "a long, hot August for Democrats in Congress."
This is the sign we were waiting for -- the one that tells us that yes, kids: we are there now. America's conservative elites have openly thrown in with the country's legions of discontented far right thugs.
http://www.alternet.org/politics/141819/is_the_u.s._on_the_brink_of_fascism/?page=entire
A real grassroots movement emerged years later when Occupy Wall St. put a big chink in the corporate narrative armor, and evaporated any semblance of teabagger interpretations to 'inevitability' or even sanity.
(Say anything about gays that isn't genuinely flattering in a crowd of them today, for example, and see how fast you get tossed out. That's not "tolerance", that's intolerance of anything but their pet points of view.)
Jane's heart bleeds for Duck Dynasty Dudes and AM radio road ragers. Or should I say "Jane"...
BTW, last time I checked marriage was not a privilege.
Obama has violated more civil rights than any President in history...
The only solution is to shitcan both parties. They have been WAY more trouble than they're worth.
Typical selective false equivalence coming from a schizophrenic world view that supposedly upholds the legacy of Ayn Rand and Barry Goldwater by electing fundamentalist Christians who would prefer to legislate our bedrooms to death rather than promote the general welfare.
What silence? ....And which Left?
Don't count mainstream "New Democrats" as the Left. Please. They love the growth of Finance and Police powers (and the exemption of the former from the latter) about as much as any Republican.
If we look at progressive politicians, and moving to press and social commentary, sites like democraticunderground, dailykos, commondreams, thinkprogress, The Guardian, Huffington Post, Raw Story, TruthOut and so on have been quite vocal about mass surveillance. A preponderance of Left-leaning politicians sponsored the USA Freedom Act.
I'm glad Schneier has started using TAILS: He may get some exposure to I2P (included with the distro) and stop prattling on about fighting mass surveillance with more heaps of application-level encryption and 'do some more Tor, too'. That turn-of-the-century mindset is what led to such spotty privacy and security in the first place... it turns people off by asking them to be mindful of too many standards and implementations.
With I2P, all I usually need to know is whether a certain app is written for it and what the author's reputation is. I also get (full) torrenting and distributed email.
Starvation?? The planet still produces food surpluses, and some countries (***cough**USA***cough***) throw away 40% of the food they buy at the market/restaurant.
The answer is that you GIVE the food to the children, you economic and moral imbecile. The parent was talking about making gadgets, not tending crops.
I'll burn karma to kick down a defence of child labor, thankyouverymuch.