Slashdot Mirror


User: hacker

hacker's activity in the archive.

Stories: 0
Comments: 1,367

Comments · 1,367

  1. Re:Companies shouldn't have this anyway on Feds Allegedly Demanding User Passwords From Services · · Score: 1

    https://en.wikipedia.org/wiki/Perfect_forward_secrecy

    Google is already using this today.

  2. Re:Companies shouldn't have this anyway on Feds Allegedly Demanding User Passwords From Services · · Score: 1

    His point was that the system maintainer might be forced by a spy agency to alter the code so that the password variable is not temporary, but instead logged in persistent storage.

    That's easy: Build your hashing systems such that there IS no persistent storage. Make it out of DRAM, and enforce rules to scrub the memory and temporary storage before and after each password hashing request or attempt. Additionally, just create a tmpfs volume, encrypted with a one-way hash/salt, and write your scratch data there, then dump it and scrub those bits when done. Problem solved.

  3. Except for private Twitter accounts and deleted/redacted Tweets. Only the Library of Congress has the originals, in context.

    What you see via the public, port 80 web interface to Twitter or via their API is nowhere near to the full Twitter data stream.

  4. Re:Who watches the watchers.... on NYC Police Comm'r: Privacy Is 'Off the Table' After Boston Bombs · · Score: 1

    You do realize that recording public officials, law enforcement and the like is going to land you in jail, right? Actually, it's already been demonstrated, when a black teen recorded a police officer publicly harassing and beating another black teen. So the one who got 8 months in jail and is facing 7 YEARS in prison? Not the 15 year old behind the police officer's baton, but the one who RECORDED the event with his camera phone.

    https://www.youtube.com/watch?v=g1e9Htc6FMY

    When it becomes legal and admissible evidence for an officer to bring in his dash camera footage, but ILLEGAL for a citizen to record an officer breaking the law, what have we become as a society? Seriously. This stuff is happening NOW.

    And it scares the bejesus out of me, and thousands of my compatriots.

    Here's another of a fan running on a field, the cops chase him down, start beating him up ON THE FIELD in front of thousands of fans, when the fans storm onto the field and beat the crap out of the cops.

    https://www.youtube.com/watch?v=rBfEh4aBt1g

    With Google Glass, how soon before cops start smashing your $1,500 device, or shatter your phone, to prevent any evidence of their wrongdoing?

  5. Re:Chips implanted in our brain? on Google Glass Specs Hit the Web · · Score: 1

    Maybe "The Final Cut", almost 10 years ago, wasn't so far off:

    http://www.imdb.com/title/tt0364343/

    "A Zoë Chip is chip placed in your brain at birth to record your entire life. When you die, the footage from your life is edited into a “Rememory”-- a film shown at your funeral pieced together by an editor. A toy for the privileged, Zoë Chips are changing the face of human interaction, but there are those who are against this emerging technology, and believe that memories are meant to fade."

  6. Log into Google, obscure your face and audio on Google Glass Specs Hit the Web · · Score: 1

    As much as I object to an "Opt Out" mentality, we could make this easier, by ensuring that all Google Glass users adhere to the "Obscuring" policy (does not exist yet).

    Basically if you're in a coffee shop and wearing your Google Glass, anyone in that shop who is signed into Google would get an alert that they are in proximity to Glass, and could then "opt out" of monitoring video and audio. The Google Glass wearer's device would then just blur out the faces of those who have opted out (easy, Google already does it for Maps), and subtract the audio from those users (harder to do, methinks).

    Anyone using Glass with an active monitoring device in-play (video, audio) SHOULD be notifying the people around them that they're actively recording them. Not only is this illegal in most states, if you're on private property (i.e. Panera, Starbucks, coffee shop, McDonalds, etc.), you can be ejected and asked to leave.

    Additionally, if someone near you objects to you recording them, or their surroundings with your Glass device and asks you to stop recording, you have to comply, or you can be slapped with fines and arrest for "Unauthorized Recording" (i.e. recording laws of the state in question). You can't record someone nor take photos of them without their consent. Do people do it? Sure, but if everyone starts wearing Glass, you'll see more people banned from public spaces (i.e. private property businesses) for doing so.

    Also, since you can't use these devices anywhere near government buildings, public transportation systems (trains, planes, airports, bus stations, bridges, highways), it's really going to be a pain to take the device on and off hundreds of times a day.

    As one of my colleagues once said: "This is an example of a good idea, poorly implemented."

  7. Re:Excuse me on Harvard Grid Computing Project Discovers 20k Organic Photovoltaic Molecules · · Score: 1

    With all the money you're going to spend filing those patents, why not contribute to the research instead? $20M would help bring the industry a long way :)

    http://www.uspto.gov/web/offices/ac/qs/ope/fee031913.htm

  8. Re:Roughly equivalent my ass. on Harvard Grid Computing Project Discovers 20k Organic Photovoltaic Molecules · · Score: 1

    I think you probably meant to link to this copy of the file instead:

    http://upload.wikimedia.org/wikipedia/commons/e/ed/PVeff(rev130307).jpg

  9. Re:Seems like..... on Wordpress Sites Under Wide-Scale Brute Force Attack · · Score: 1

    Which of course, you should never do, since .htaccess will grind the performance of your site directly into the ground. It also means that anyone with access to the filesystem (such as an already-hacked WP instance) can revert your changes.

    http://httpd.apache.org/docs/2.2/en/howto/htaccess.html#when

  10. Re:Pay Decrease? on Python Creator Guido van Rossum Leaves Google For Dropbox · · Score: 1

    Because a significant portion of Google's backend infrastructure is run on Java.

  11. Re:Pay Decrease? on Python Creator Guido van Rossum Leaves Google For Dropbox · · Score: 3, Interesting

    That's funny, because I just interviewed with Google last week for an SRE role, and they specifically wanted someone with hardcore Python and Java development experience, at the filesystem and kernel level. They're moving -everything- into those two language engines.

  12. Re:Blame the mouse on Republican Staffer Khanna Axed Over Copyright Memo · · Score: 1

    Or, you can vote for neither and raise the awareness and quality of the other dozen-or-so political parties that are not on either side of that tired, worn out old coin.

    Vote for new change, not the same coins you've always carried with you.

  13. Re:Smokin' on Hypertext Creator: Structure of the Web 'Completely Wrong' · · Score: 1

    The material I've linked to doesn't automatically link back. Instead, I could make a link using his system which includes the text from the version of the document I look at, and provides a two-way link.

    It's a nice idea, but unless you can make it easy to create documents with all these links (and ensure they don't need any maintenance) I don't see how it would catch on.

    That's the rub.. How do I guarantee that the text I've linked to never changes, nor goes away? I don't want someone changing the content or context of my citations to "rewrite history" as it were, or to sell their own advertisement space inside my website (think iframes), or any one of two dozen different, malicious ways to abuse this mechanism.

  14. Re:Full Article (site is /.'ed) on Dropbox Authentication: Insecure By Design · · Score: 1

    Dropbox offers a few advantages over rsync: It runs in real time and detects changed files, syncing them instantly without polling the filesystem. (using services like inotify). It has iPhone and Android clients. It's easy to install and doesn't carry other requirements like cygwin, and doesn't break in all kinds of odd corner cases like rsync on windows does. It offers central management of which computers sync which files and folders (well, SugarSync does this much better). It offers a web based view of your synced files for when you don't have your own computer. (This can be a plus or minus depending on your viewpoint). It keeps backup copies of your deleted and changed files.

    You do know that Dropbox is already using rsync, right? Look at the code... it's available. They wrapped some service logic around it, but it's rsync (librsync) under the hood.

  15. Re:My Face on Your Face Will Soon Be In Facebook Ads · · Score: 1

    Don't worry, your friends and family will upload pictures of you and tag them for you so Facebook has photos of you to draw from.

    One of the biggest flaws in the design of Facebook, was allowing other people to tag you in photos, without your approval.

    What should happen, is you get tagged in photos, and for each photo you're tagged in, you have to approve it, before it goes live. Just like someone "friending" you on FB.

    I'm shocked they let blind tagging of people happen like that.

  16. Re:CA Supremes are full of shit on Encrypt Your Smartphone — Or Else · · Score: 1

    Then there is the old standby "resisting arrest".

    Uhm...you can't be arrested for resisting arrest. If that's the case, what were you arrested for in the first place, for which you were "resisting"?

  17. What about those that don't USE titlebars? on Firefox 4 Beta 9 Out, Now With IndexedDB and Tabs On Titlebar · · Score: 1, Flamebait

    I haven't used titlebars on any app in almost a decade (sawfish). I also don't use icons, docks, wharfs or menubars. I prefer my environment to be clean, fast, functional and uncluttered.

    As long as the browser's default behavior remains the same, and the 'tabs-on-titlebar' is an optional feature that can be enabled, that's fine.

    Changing the default behavior is always bad. Always.

  18. Five Simple Words on Apple Creating Cloud-Based Mac? · · Score: 1

    You Can't Jailbreak the Cloud... at least that's what they think.

    How do you run their CloudOS while on an airplane? In a train tunnel? While disconnected from the Internet itself?

    There's a growing, ignorant view that everyone has access to Internet all the time, and that's simply not true, and in fact, is growing in the opposite direction. Many people are taking their devices with them more and more, and finding that they have less connectivity than they thought they did.

    Home? Yes. Work? Yes. Friend's house? Yes. But all the touch points in-between? No, not likely... so what then?

  19. Re:Passwords on Police Can Search Cell Phones Without Warrants · · Score: 1

    Then you'll sit in jail. No one will care. Your friends will think you were an idiot for not just co-operating. Freedom just isn't a virtue in itself for most people any more.

    You seem to have forgotten what rights we really have in the US.

    You're advocating giving up all of my freedoms and rights, so I don't sit in jail? How is that a viable solution?

    Cooperating with a ridiculous requirement that outright violates the rights and freedoms this country was based upon, is never going to work. It's precisely this kind of cooperation that got us in the mess we're already in.

    I refuse to waive my rights out of fear, rather than stand up and defend them.

    Remember, WE give the government its rights and power, they don't give it to us.

    You can continue to sit, fat and happy watching your American Idol and playing your PS3, but just remember who stood up for you and fought for your freedoms and rights, while you sat back and did nothing.

  20. Re:Passwords on Police Can Search Cell Phones Without Warrants · · Score: 1

    BTW in the UK refusal to provide a password or passkey to decode an encrypted device is punishable with several years in jail. You have no right to remain silent in the UK, and it's beginning to look like the US is headed down the same path.

    I'll take the jail time, thanks. I'm not going to let the threat of jail time compel me to revoke my own morals or those of generations of people who will come after me. It's our rights we're standing up for here.

    I wrote a post about this over 5 years ago, when it first happened: http://blog.gnu-designs.com/no-you-may-not-have-my-encryption-keys

  21. Re:So each user is worth about $100? on Goldman Invests $450m In Facebook · · Score: 1

    Frankly, $100 ownership cost per victim is cheap. Compare to the cost of buying the SuperBowel in order to sell millions per minute TV commercials.

    What is this "Advertisement" thing you speak of? I haven't seen a single ad on the web in at least a few years, thanks to some intelligent, learning plugins and Javascript plugins that restrict/prohibit them from ever being displayed to my eyes. They might get blocked at the request level, or get stashed in the cache and neutered in my web interface, but I haven't seen ads in a long, long time now.

    And that's just the way I like it.

  22. Re:Different compilers on Most Android Tablets Fail At GPL Compliance · · Score: 1

    The point is, if I'm using the tools you're using, and using the same source, I should be producing the same binaries (functionally the same, not byte-for-byte identical).

  23. Re:Ship Source? on Most Android Tablets Fail At GPL Compliance · · Score: 2

    The source you provide or link to must be the same source used to produce the binaries you're shipping on your device. In other words, if I take Google's source and build binaries with it, and those binaries differ from the ones shipping on your device, it's not the same source code, and does not comply with the license.

    Pointing to a source for Android, is not the same thing as providing the source for the modifications to that source that you (as a vendor) have done to the source.

  24. Re:I own and run the router my wife's email .... on Is Reading Spouse's E-Mail a Crime? · · Score: 1

    According to Federal Wiretapping laws, yes... you would be guilty of felony wiretapping.

  25. Re:Lastpass on The Case For Lousy Passwords · · Score: 1

    The only problem is that I cannot login to the websites on public computers, but I think that's an added security bonus. I have my Blackberry with me to check my email, which is what I really need to check on the road.

    Sure you can... just install DropBox on your BlackBerry and/or use a password-accessible Dropbox URL that leads to your KeePassX.kdb file, and keep a copy of the portable KeePassX.exe file in there for those public terminals.

    KeePassX also has a client for the BlackBerry, which I use all the time.