Slashdot Mirror


User: Burz

Burz's activity in the archive.

Stories: 0 · Comments: 3,080

Comments · 3,080

  1. So he did on Graph Shows Fraud in Russian Elections · · Score: 2, Informative

    ...but it's Bush who is warmongering while impoverishing his people. I'd say that Putin was above the both of them, though he will soon be ending his career with that horrific assault against the... arctic circle on his record. Oh the humanity.

    Now if you'll excuse me, I'll wash my hands after partaking in one of Slashdot's redmeat xenophobe stories. Call me when you all have something positive to post about Russians or Chinese for a change: Until then, the usual Anglosphere "coverage" of the other major powers is best taken with a large grain of salt.

  2. Re:I find the introduction of Dolphin interesting. on KDE 4 to Be Released on January 11th · · Score: 2, Insightful

    Dolphin and Konq both drive me crazy.

    Though Dolphin nicely allows you to set your default view type (I choose Detailed List), and seems to mimic the OS X Finder left-side bar, it has problems. First, the left-side bar isn't matched with a top-side 'shelf' like Finder has... so your ability to quickly place/remove custom locations in the UI has no counterpart for placing custom tools. Second, you can't drop items onto folders in the left-side bar to copy them; Dolphin will simply add all those items to the bar! That it encourages users to split the window vertically is no help for novices' sense of confusion either; I have recommended Dolphin to other users for the last time.

    Konq has no setting for default view type, and it defaults to thumbnails. Ugh. Even worse, Konq's identifying icon changes to whatever you're viewing at the moment, so it shifts from default to folder to web page icon, etc, leaving me unable to find windows in a busy task bar. Finally, Konq's tree view is generally un-helpful: It's difficult to know when it will follow your movement to another dir (and it's rare) and the categories that I must constantly shift between ('home' and 'services') just to move files between home and external drives are asinine. (Also: the Printers category doesn't play nicely with CUPS, Network is useless for samba shares, and don't get me started on the KDE dir properties dialog that sets up samba shares guaranteed not to work).

    Though Konqueror has great abilities WRT protocols like ssh and sftp, it doesn't make up for the fact that NONE of the FOSS file browsers can match the balance of usability and (non-broken) features in OS X and Windows browsers.

  3. Re:No, Google does NOT need to use encryption on Google's Gdrive Raises Instant Privacy Concerns · · Score: 1

    So the compatibility problem is the same with either type of disk image.

    If you use GPG, then you can encrypt or decrypt on any OS.

  4. Re:No, Google does NOT need to use encryption on Google's Gdrive Raises Instant Privacy Concerns · · Score: 1

    Umm, like the one built-into OS X: encrypted disk image.

    But overall a file encryption tool like gpg may be more secure than letting google or others see the disk I/O flow over the net. In that scenario, which truecrypt isn't designed for, I believe a disk encryption scheme becomes weak.

  5. It is dangerous to expect civilian govt agencies on NASA Requires JPL Scientists To Give Up Right To Privacy · · Score: 2, Insightful

    ...to behave like the military. What you seem to be saying is that you're making money off of both areas, so it doesn't matter to you if the government becomes fascist.

  6. I'm tagging this article 'Windows' on Google Purges Thousands of Malware Sites · · Score: 1

    Still waiting for the day when Slashdot stops posting articles about exploits that have no mention of the OS in the summary...

  7. Re:Yeah, well show me a PSK solution for browsers. on Spying On Tor · · Score: 1

    And PKI works if you consider its limitations. Yes, the gov't can spy on your shopping and banking transmissions. But if you pay only a little attention to https vitals when browsing, private phishers cannot spy on you.

    OTOH, if PKI did prevent gov't surveillance, then the gov't could probably get your data direct from the merchant with some extra effort.

    I can imagine a better system, rooted in the keys distributed with FOSS operating systems...

  8. Re:any idiot should realize it's a hostile network on Spying On Tor · · Score: 1

    OK but, the Swede who conducted his exit-node study did not really know if those people accessing embassy systems actually belonged doing so. Hmmm...

    And yeah, recommending it for official business is just crazy. Unless-- the embassy personnel were spying in their host country.

  9. Re:Yeah, well show me a PSK solution for browsers. on Spying On Tor · · Score: 1

    A note: Browsers already have a way of storing client certificates to identify themselves, so you still only need a server on one end. Or, you can put a website-specific cert in the client's browser, and let the client log in with username/password-- the server will already be authenticated before the user logs in, so it's safe if the user is trained to heed certificate warnings.

    You are right to suggest that tight security may require that the certs/keys be exchanged in person.

  10. Re:any idiot should realize it's a hostile network on Spying On Tor · · Score: 2, Interesting

    I disagree with the overall thrust of your post.

    Tor isn't aimed at sysadmins for use as a client. You are confusing the actors and roles in your message.

    Tor client only requires a knowledge of: domains/URLs, cookies and misc browser security issues like scripts and web bugs. Network architecture isn't important (if I'm mistaken, please explain). In Firefox, keep using Tools-> Clear Private Data. With this level of knowledge you can browse 'open' sites anonymously.

    If privacy is also required, then basic knowledge of https/ssl is required. You must know the ritual of looking for the lock, then checking the domain name, and heeding certificate warning dialogs. Not hard. At this level, you can conduct transactions that you wouldn't mind the CA or certain governments seeing.

    If 'high' privacy is necessary, then the user must know how to import certificates into the browser. Working the Certificate Manager in Firefox is also not hard. At this level (requiring more than a little work on the server side) the user can feel safe there is no cleartext net surveillance, though other modes of spying may be possible (keyloggers, physical break-in, etc.).

  11. Re:Yeah, well show me a PSK solution for browsers. on Spying On Tor · · Score: 1

    You're still not making sense:

    "No, you're pretty much entirely stuck with the first choice -- blindly trusting a third-party CA which can be a single point of security failure for a large number of sites. That's the problem. E-commerce requires trust where none should be assumed, especially in the case of a network like TOR that funnels all traffic into a handful of potentially compromised exit nodes."

    Who said this was about e-commerce? Under what conditions should online commerce be kept secret from the government? Or by "single point of failure" are you implying that a CA will have its private key STOLEN by private crooks?? The latter would be a really stupid assumption to make, esp since they can revoke stolen keys.

    If two or more parties want privacy without the questions an (un)trusted third-party raises, then they can distribute certificates among themselves and use Certificate Manager in Firefox, or similar, to import them.

    There is no perfect technical solution for the problem when using PKI. There is no mindless, transparent solution for digital privacy. But with some care and minimal user education https is quite secure.

    Why would you even mention ssh here? It isn't "better" than using a browser. When I store an ssh known host on my client, I have to think about how secure the connection was at that moment... if it happened over the Internet (or even an infested LAN) then it could be bogus; uneducated users could be even more dangerous with ssh than with a browser. At least the browser comes with built-in keys that allow you to reject any known crypto attack except for a compromised CA. The single point of failure you harp about is a reduced surface for attack.

  12. Absolutely. Tor is great at anonymity on Spying On Tor · · Score: 1

    ...and trust isn't required with this anonymity vehicle.

    The privacy layer you supply yourself, and that requires the usual crypto-facilitated trust. As the Tor people often remind us, there is no way around that fundamental requirement.

    So the question is really, do you trust Certificate Authorities pre-loaded in your browser? And if not, what steps are you and the party you're connecting with going to take to swap private keys?

    Also bear in mind that many connections need only anonymity and not privacy, if you don't want to be seen browsing certain websites that are viewable by anyone, for instance. In that case, using Tor while regularly flushing your browser's cookies and cache will do the trick.

    Privacy becomes necessary when either you or the second party are transmitting data that no one else should see at all, or that no one else should see in the context of anonymity (like your name or other identifying info). Think!

  13. You make very little sense on Spying On Tor · · Score: 1

    ...and your earlier statement that browsers have no way of checking against MITM is incredibly irresponsible. The only MITM browsers cannot warn against is where the CA is executing or cooperating in the attack.

    You either trust a third-party CA, or the communicating parties set up their own keys (preferably in person). Those are the fundamental mechanics of trust when using electronic communications, and the modern browser covers them. Need to use a "joe random" CA? Just plug it into your browser preferences. Inconvenient? Too bad, ssh is no better.

    As for those who bemoan government surveillance through e-commerce sites and the CAs they use: You need to seriously re-evaluate your expectations of what online merchants can and cannot do for people. Perhaps the merchant, understanding special privacy needs of their clientele, would switch CAs (perhaps even to their own).

  14. Re:Parent is trolling, but I'll answer anyway: on FSF Reaches Out to RIAA Victims · · Score: 1

    When you cough-out backhanded insults to readers then you're behaving as a troll. And don't think that your username escapes notice here either.

    "I'm not convicting them, but let's face it, most are guilty of file sharing..."

    Even if most are breaking the law, they must be found guilty for reasons other than the demonic apparitions and supposed established custom that the RIAA experts are conjuring up. A pattern of crime must not be allowed to enable opportunists to codify repression.

    OTOH, what you seem to be saying is that it doesn't matter if lawbreakers are convicted by underhanded means, twisting the law and maiming the free software community in the process.

    Still don't see what any of this has to do with the FSF though. And I don't see where you've addressed their concerns about copyright law, mentioned by the article and myself. Maybe I'm wrong, but I think you are glossing over the FSF's reasons while saying that their actions are unjustified -- that would be dishonest.

  15. Parent is trolling, but I'll answer anyway: on FSF Reaches Out to RIAA Victims · · Score: 1

    Why, indeed?

    Why convict defendants in your posts when they haven't even been through trial?

    It ought to be clear from RTFA that the FSF may not have much of a free software culture left to serve if a whole body of cases with twisted re-interpretations of copyright law become established precedent. That impacts redistribution of software ever so much, so they are rightfully against letting the technical misrepresentations themselves stand irregardless of whether the defendants are innocent or guilty.

    Right, tin hat on... How festive.

  16. Re:AdBlock and NoScript on Hackers Use Banner Ads on Major Sites to Hijack Your PC · · Score: 1

    No. Off-site sourced content is the problem.

    Even if you prevent remote code from running, there is still the threat posed by ubiquitous ad servers tracking your browsing habits.

  17. Re:Hushmail did NOTHING WRONG on Hushmail Passing PGP Keys to the US Government · · Score: 1

    "I have used Hushmail for ages, and it is entirely secure"

    No it isn't, you +5 prat.

    You have no way of knowing whether they 'tweak' the applet code for targeted users, much as cellular networks in the USA remotely reprogram cellphones of targeted customers, turning their phones into always-on wireless mics even when they appear to be off.

    They COULD provide you with an open-source client app (in Java, for instance) that would function just as nicely as their server-controlled client. But for whatever reason, they kept control over everything which means they can rat you out on command.

    "Hushmail gives you precisely as much security as they possibly can, and no more."

    You sound like an advertisement.

  18. The Compact on Hushmail Passing PGP Keys to the US Government · · Score: 1

  19. Re:my list on IT's Love-Hate Relationship With Laptops · · Score: 1

    Considering you need a second battery to get 6-7 hrs, that isn't impressive. My 12" iBook from 2004 gets 5 hrs on a single battery.

    Show me a laptop that can get 8 hours from a 5000kWh battery.

  20. Re:PDF on A New Theory of Everything? · · Score: 2, Informative

    For those who may be interested, an interview and a couple of online discussions with Garrett Lisi participating:

    http://www.physicsforums.com/showthread.php?t=179527

    http://backreaction.blogspot.com/2007/08/garrett-lisis-inspiration.html

  21. my list on IT's Love-Hate Relationship With Laptops · · Score: 2, Insightful

    1. Whole-disk encryption still not standard
    2. Better efficiency hasn't been used to improve battery life
    3. No standard enclosures or motherboard form factors
    4. Attract clueless software salesmen, who will demonstrate demanding workstation apps on their 'spiffy little wonder'.
    5. Have caught the bigger-is-better disease in the USA... The laptop as an SUV-like status symbol.
    6. Most warranties are absurdly short for such a device

    Overall though, laptops are the bee's knees. Blogging would be an insignificant phenomenon without them, and they have taught the industry a lot about elegance and efficiency.

  22. Re:Why not just dump Windows? on End-to-End Network Security · · Score: 1

    A couple decades ago I'd have included asking the USSR to dump Communism, but that happened. But I suspect that IBM/Microsoft, Christianity and Islam are much more deeply entrenched than Communism ever was. And I suspect the reason for that is because Soviet communism, however much brainwashing was associated with it, did not condition people to supernaturalism. It made false claims because they were falsifiable. Time passed, people saw the results, and stopped believing in the system.

    With the supernaturalist conditioning to faith for its own sake, credulity becomes much more insidious. Falsifiable claims are more of an embarrassing accident, and esp. when they turn out false the authorities will explicitly make 'faith' itself a burning priority in order to bury the issues.

    Religious faith is the explicit training of people to keep refocusing their attention (often on cue) onto something that is necessarily intangible.

  23. Re:Why not just dump Windows? on End-to-End Network Security · · Score: 1

    But that is not to say that an environment where Windows is integral can actually achieve end-to-end security. Windows is the weakest link, and the difference isn't magic but a matter of design.

    System design is why even an "obscure" platform like MacOS could go from having dozens of malwares to about one post BSD transition.

  24. Re:Of course! Just look what they did with the tel on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 3, Interesting

    Hardware manufacturers? How about certificate authorities?

    If any of you think this is the least bit specious, the VeriSign website proudly proclaims that they will subcontract to telcos/ISPs that are ordered to eavesdrop in a "legal intercept" capacity. There is no other reason for VeriSign to be in that line of work unless they are using their ability as CA to stage undetectable MITM surveillance attacks.

  25. Re:Not the same thing on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 1

    Hello. Software is a branch of mathematics.