I think secular society will have a bigger problem with this once we realize that chimeras will allow a slew of new pathogens to adapt to the point where they can spread to humans.
That is a "fix" only if vendors maintain perfect security of their keys. The better solution would be to prevent any modification without a convoluted physical attack on the device innards... using ROMs for instance.
Also, knowing that endpoint security cannot realistically have multiple TCBs acting in parallel (hence, a large attack surface), the best design decision is to make critical peripherals (like keyboards and displays) as dumb as possible.
The complex bits should either be in the CPU or tightly bound to it. Otherwise, if you need to add complexity from other vendors and/or use flimsy security, then such peripherals can be contained in unprivileged contexts.
Other types of messaging clients are doing this conveniently. Signal and Ring.cx come to mind. I think email itself may be obsolete, since it relies on servers and makes hiding metadata difficult.
Actually, turning something like privacy into a sale-able commodity is known as extortion.
Your assertions are all bogus, BTW. It does affect security for the advertising industry (a major spreader of malware) to have spying ability into basic communication infrastructure. If the ISPs themselves become arms of the ad industry, they become untrustworthy by definition.
The reason this is BS (and totally unreasonable) is that turning a customer's privacy into a commodity is wrong. Like the anti-Net Neutrality argument, you can't make a case for this using blinkered economics that avoid the ethical/moral issues.
VPN is a good idea anyway, if you need to use access points you don't really trust. Good ones like publicinternetaccess.com cost about $40 per year (about $3.30 / mo).
You can think of Qubes as a desktop OS that demotes monolithic kernels (hopelessly insecure) to the role of providing features/drivers within unprivileged VMs. This is similar to the microkernel philosophy, but also recognizes that monolithic kernels are still where all the drivers and apps are to be found.
Qubes also employs IOMMU hardware to contain network and USB controllers within unprivileged VMs to protect against DMA attacks. The admin VM that runs the desktop environment has no direct access to networking, and the user can assign other PCI devices to VMs as they see fit.
The last piece of the Qubes picture is that it departs from how most hypervisors handle graphics, keyboards and inter-VM copying. Each is properly virtualized using a very simple protocol that is highly resistant to attack, so that VMs cannot sniff your clipboard contents or keystrokes, or take screenshots, etc. Copying between Qubes VMs is also probably much safer than copying between air-gapped machines using discs or flash drives because the former is far simpler.
The Qubes Security Bulletin for this Xen vulnerability can be viewed here.
Most Xen vulns either do not apply to Qubes or are DOS, and the Qubes project is skeptical that this one can be realistically used against Qubes. Still, the bulletin also describes how this vuln belongs to a class of memory management bugs that the Xen project has not done a good job in rectifying. This appears to be Xen's "weak spot" that could be a perennial source of vulns. As a result, Qubes will be moving away from PVMs (which use the questionable memory mapping code) to HVMs which employ on-silicon SLAT for VMs.
Remember all the promises Yahoo made about protecting user data from spying? Well you can forget it now-- Verizon is one of the biggest spying corps on the planet and they will get access to everyone's Yahoo email.
http://ring.cx/ is looking good... Decentralized using DHT, and e2e encrypted. It doesn't live inside Chrome browser, either, which I think is a big handicap for Signal.
Both rising *and* falling prices are bad, Einstein. Especially if it's rapid and involves housing. It makes either buyers or lenders drop out and the pain deters them from getting back in. Or the lenders declare an emergency and hold an economic gun to everyone's head unless the government prints up a nice big bailout for their cozy little class, screwing everyone else and undermining everything from the work ethic to the currency.
More stability would improve things, but the political class has disappeared up the anus of high finance and "US interests abroad". The only thing that will change is immigration. The UK will now be able to pursue further destabilization in other countries alongside the US--but with less human-fallout in the form of refugees. Whether that is "good" for the UK working class is unknown.
Their gov't seem intent on giving democracy a bad name. First the single-vote referendum requiring only simple majority, and now this move to cage the country into that fateful vote.
I don't blame the EU for wanting to be rid of them quickly. Bad faith and arrogance are toxic to everyone involved.
Because this is obviously just as bad as threatening to kill someone or administering poison with intent to endanger life, which both have 10 year sentences in the UK...
It is if you want the UK to become the 51st state, which is what this bill is signaling in a sense. After losing the EU, the UK elite want access to large markets and this bill is an offering to the US. There is no other explanation for ignoring their population so thoroughly in the wake of Brexit.
I've been telling enthusiasts (who apparently only skimmed the main bitcoin sites briefly, if at all) for years that if bitcoin does rise in utility, then bigger and bigger institutions will come in and swamp the small players -- or force them into their own cartel.
They want a currency created by mathematics, but refuse to look at the logical conclusions it engenders.
Thinkpads do have this option. I am also using a feature called "anti evil maid" in Qubes OS, which uses the TPM to guard against firmware tampering (you see the test at boot time).
No, the idea is to simply switch the entire context (Mozilla profile...or meta-profiles) whenever the domain in the location bar changes.
Browsers really should have been designed to have one cache / cookie db / history per visited site. That means referenced third-party content would see something different (a different 'identity') depending on what site you're actually 'at' in the location bar. The only exception would be the browser itself, which could populate the location bar history using all the sub-histories.
What did Apple find lacking? Read the summary: File cloning and multiple 'subvolumes' that can share allocation units. That sounds more like Btrfs to me.
Indeed... http://www.newscientist.com/ar... Earlier this year, Microflown's researchers discovered by chance that the device can hear, record or stream an ordinary conversation from as far away as 20 metres, says Hans-Elias de Bree, the firm's co-founder. Signal-processing software filters out unwanted noise like wind or traffic commotion. Work is now underway to increase the range....
"Not only could this work, it has worked," says Ron Barrett-Gonzalez at the University of Kansas. He has helped boost the sensor's range by 28 per cent to more than 25 metres. It will be possible to record a parade of people on a busy sidewalk all day using a camera and acoustic sensor, and tune into each conversation or voice, live or via stored files, he says.
Security technologist Bruce Schneier says this new capability is unwelcome particularly given the recent claims about the NSA's success at tapping into our private lives. "It's not just this one technology that's the problem," Schneier says. "It's the mic plus the drones, plus the signal processing, plus voice recognition."
Oh, look! My first threatening message on /. from a member of the Trump hard-on club.
Ring.cx uses DHT not "a company". Clients connect directly to each other.
Because "enterprise" people are, by definition, "the right people". Just ask the Saudi government!
https://ring.cx/
It's decentralized and uses end-to-end encryption. It also isn't attached at the hip to a humungous browser (Chrome) the way Signal is.
If I choose the option in my BIOS to *erase* the ME firmware, does that make it any better?
To some people, that would be "put it back in my iPhone". (People who remove their internal mic, which I think is smart.)
Throwin shade, with made-up quotes and a slur to boot. You've already made it clear there is nothing you're willing to debate in this thread, Troll.
Oh God... wish I still had mod points. LOL