Slashdot Mirror


User: plover

plover's activity in the archive.

Stories
0
Comments
7,233

Comments · 7,233

  1. Re:Painful cold on Polar Vortex Sends Life-Threatening Freeze To US · · Score: 5, Funny

    We're not dead yet! I don't want to go on the cart!

  2. Re:Will your coffee maker stop slavery? on Interview: Alan Adler Answers Your Questions About Coffee and Throwing Objects · · Score: 2

    Most American consumers are ignorant to the mounting evidence indicating that the laborers whom they have to thank for cultivating these products are being grossly exploited, live in spiraling poverty, and, in some cases, are modern-day slaves.

    ...says the guy typing his snarky comments in on a Chinese-made laptop. At least with coffee, you can seek out "fair trade coffee", which comes with a somewhat believable assurance that the farmer who produced it actually was paid a fair price for it. There are no "fair trade computers" that I'm aware of.

  3. Re:Simple Answer... on "Clinical Trials" For Programming Languages? · · Score: 3, Informative

    Srsly? Do you know how stupid executives are? "Hey, that web page that my nephew wrote, it does what we need, put it into production." A week later you get this email: "We need you to maintain it - add a loyalty registration page to this thing here, and we're getting complaints about response time..."

  4. Re:99 bottles of beer on "Clinical Trials" For Programming Languages? · · Score: 4, Insightful

    Productivity is a tough one, but it's by far the most important. That's what we get paid for.

    A good competition might be to start with a functional test, and just let developers "swing away" at it. Or you might add real world constraints that development organizations want to see, such as requiring 95%+ code coverage with unit tests, keeping complexity below 12, and it must pass lint / pmd / fxcop / other static code analysis tool with no warnings or errors. Maybe it has to pass a code review, too. The functional test would have to pass ensuring it does what it's supposed to do, and maybe it would need to pass a fuzz test to ensure it doesn't break under strain.

    And you would need to run different contests for different categories: web apps, services, operating systems, embedded systems, phone apps, etc. Not all problems are created equal.

  5. Re:So now... on University Developing Technology To Vote On Your Tablet, Smartphone · · Score: 3, Informative

    The biggest threat is with the potential for voter coercion. A voting booth is private: you are isolated from everyone else, and therefore you can't prove you voted one way or another to someone else. But if he's standing behind you while you vote, you can sell your vote, or even be coerced into voting against your will.

  6. Re:This whole incident... on US Coast Guard Ship To Attempt Rescue of 2 Icebreakers In Antarctica · · Score: 1

    My concern on this is that health care has dramatically increased lifespans. More people are dying of cancer because the things that used to kill them no longer do so as often. Yes, I figured they controlled for age, exposure, environment, but even so, it's really hard because melanoma is so slow acting.

  7. Re:This whole incident... on US Coast Guard Ship To Attempt Rescue of 2 Icebreakers In Antarctica · · Score: 1

    Do we know skin cancer is on the rise due to the ozone hole? There are many plausible explanations, so a simple rise in numbers won't cut it.

  8. Re:I beg to differ on Isaac Asimov's 50-Year-Old Prediction For 2014 Is Viral and Wrong · · Score: 1

    If we accept the premise that we are in a period of "spiritual malaise" (not that I necessarily know how to measure such a thing, or even that I agree we're in such a period), I still wouldn't agree that "automatization of labor" is the cause. A cell phone or a tablet is not a labor saving device as much as it is a communications and information delivery device, and I don't see that a Facebook relationship enhances or detracts from spirituality. Maybe you can't follow your favorite deity on Twitter, but you can sure find and associate with millions of his or her followers quite easily.

  9. Re:saying it in style... on City Councilman Resigns Using Klingon · · Score: 2

    Hey, at least slashdot got it right for once. This truly was "news for nerds".

    And nobody else.

  10. Re:Simple - talk to a cryptographer on How to Avoid a Target-Style Credit Card Security Breach (Video) · · Score: 1

    You just (sort of) described the VASCO DIGIPASS readers. They're given away by the banks to their customers, and cost less than $20 apiece. The user inserts their card into their own reader. The reader is nothing more than a battery, LCD and 10-key pad the user can trust. Because the user carries it with him or her, they can trust there's no PIN skimmer they have to worry about. And because it's a sealed device, with no data ports and no USB connections, there is not a way for malware to corrupt it.

    The user inserts their smart card, enters their PIN, and their card generates a one-time use 8 digit token that authorizes their transaction. The PIN pad does nothing other than display the token. All security and encryption happens on the chip in the card.

    I think there's an option to enter the transaction amount as well as the PIN.

    The merchant enters the token along with the card number, and the bank knows the user's card plus PIN could have been the only way to generate that token.

    The drawbacks are the complexity and the time. Telling a user "put your card in the reader, enter your PIN into the reader, enter the transaction amount in the reader, then type the displayed 8 digit number into the store's PIN pad" is way too confusing for a disturbingly large segment of the population. Even getting people to type 8 digits without making a mistake is also difficult. All these complexities mean that using your credit card will take a lot of time, and neither stores nor card brands nor customers want to spend their time on security.

    Worse, even this isn't good enough. The token could be stolen by anyone in transit, and used on a different transaction to pay a thief. In an ideal world the user really needs to associate the token with the merchant they're buying from, and that turns out to be very hard. Just posting a sign that says "Here's a 14 digit merchant number you should enter" proves very little. An attacker could place their own sticker on the sign, or display their own 14 digit number on a hacked web site. A barcode is not much good either, because an ordinary human isn't capable of verifying that the stripes actually say "Friendly Store" instead of "Evil Hackers". The user needs a friendly name, plus the ability to spell it. And that's one more piece of complexity that nobody wants to add.

    Bottom line: security is too hard for most people to do well.
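    A constructed model of the token scheme described in the comment above, added here as an illustration and not the commenter's or VASCO's actual DIGIPASS design: it shows why a token that covers only the card secret and a counter can be replayed to pay a different transaction, and how binding the amount and merchant into the token closes that hole. It assumes an HMAC over a card counter with a look-ahead window at the bank; the secret, PIN and merchant strings are made up.

```python
import hmac
import hashlib

# Constructed model of a card-in-reader one-time token scheme (an illustration
# for this thread, not VASCO's actual DIGIPASS algorithm). The card holds a
# secret shared with the bank plus a counter, and the PIN unlocks the card.
# The only thing the user types at the store is the 8-digit token.

def derive_token(secret: bytes, counter: int, binding: str) -> str:
    """8-digit decimal token over (counter, binding); binding may be empty."""
    digest = hmac.new(secret, f"{counter}|{binding}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

class Card:
    def __init__(self, secret: bytes, pin: str):
        self.secret, self.pin, self.counter = secret, pin, 0

    def generate(self, pin: str, binding: str = "") -> str:
        if not hmac.compare_digest(pin, self.pin):
            raise ValueError("wrong PIN")
        self.counter += 1
        return derive_token(self.secret, self.counter, binding)

class Bank:
    WINDOW = 10  # look-ahead for counters the card advanced without the bank seeing

    def __init__(self, secret: bytes):
        self.secret, self.last_counter = secret, 0

    def verify(self, token: str, binding: str = "") -> bool:
        """Accept a fresh token that matches the transaction the merchant claims."""
        for counter in range(self.last_counter + 1, self.last_counter + 1 + self.WINDOW):
            if hmac.compare_digest(token, derive_token(self.secret, counter, binding)):
                self.last_counter = counter  # consume: the same token never verifies twice
                return True
        return False

SECRET = b"constructed-card-secret-not-a-real-key"   # made-up sample value
STORE = "amount=42.00|merchant=Friendly Store"
THIEF = "amount=42.00|merchant=Evil Hackers"

def unbound_token_is_replayable() -> bool:
    """Token covers only card secret + counter: an intercepted token pays a
    thief's transaction, because nothing ties it to a merchant or amount."""
    card, bank = Card(SECRET, "1234"), Bank(SECRET)
    token = card.generate("1234")        # user generates it to pay Friendly Store
    return bank.verify(token)            # thief submits it first: accepted

def bound_token_is_not_replayable() -> tuple:
    """Token also covers amount and merchant: the thief's claimed transaction
    fails to verify, while the genuine one still succeeds."""
    card, bank = Card(SECRET, "1234"), Bank(SECRET)
    token = card.generate("1234", STORE)
    thief_ok = bank.verify(token, THIEF)   # False: binding mismatch
    store_ok = bank.verify(token, STORE)   # True: genuine transaction
    return thief_ok, store_ok
```

    The model deliberately leaves open the problem the comment raises next: binding only helps if the user can be sure the merchant string they entered really identifies the store in front of them.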

  11. Re:Before anybody complains on Postal Service Starting To Use Mobile Point of Sale Tech · · Score: 3, Interesting

    You know what? That sounds like a very successful test of using iThings for point of sale. Not that the iThing was successful, but I bet your experience helped the retailer understand that those devices sucked for the task. At least temporarily.

    POS providers are under constant pressure to "put mobile POS systems in my store" or "the Apple store uses iPods, why can't we?" Apparently every marketer associates being cool with the use of iPhones. They parade a profound lack of knowledge of human interface design, usability, workflow, and productivity as some kind of badge of honor, like "we're breaking through traditions and making our cashiers cool." Then when someone finally runs a real-world test and proves that cashiers will slow down by a factor of five; they have no place for shopping bags, hangers, flat surfaces for folding sweaters, or receipt printers; the sleds triple the bulk and weight of the devices; and the customers are pissed off at the long waits and longer lines, the marketer puts his tail between his legs and slinks back into his cubicle, having failed at the task of bringing "cool iThings" into the stores. The marketing executives blame the failure on the project management, on the project team, or on anything that went wrong, but never seem to learn the failure stems from the limitations of the human interfaces required to actually sell stuff.

    Twelve months later, the next fresh face in charge of marketing repeats the cycle. It never ends.

    Now get off my lawn.

  12. Re:Bah on Dual_EC_DRBG Backdoor: a Proof of Concept · · Score: 2

    Your argument makes no sense. You say that Snowden wouldn't have access, yet he clearly had access to hundreds of thousands of TOP SECRET classified documents. And suspicions around Dual_EC_DRBG were raised by Bruce Schneier and other cryptographers about 5 years ago, long before Snowden leaked a byte.

    The backdoor remains an undemonstrated weakness, as nobody's actually published the key secret numbers that prove it can be exploited. But I am given to understand the math that points to the holes in the origin is pretty damning. Less convincing is "proof" that RSA took money from the NSA to support this algorithm. But given the other documents released by Snowden, and from other glimpses of the security snooping apparatus surrounding us (the reverse engineering of Stuxnet and related malware), there is nothing but support for these arguments.

  13. Re:3 questions on Cracking Atlanta Subway's Poorly-Encrypted RFID Smart Cards Is a Breeze · · Score: 1

    The thing that comes to the top of my mind is customer throughput and system speed. Public key cryptography works on really big numbers, and RFID technology doesn't exactly operate at blazing megabit speeds. Long ago we tried a smart card (contact) system that took 1500 milliseconds to exchange an RSA encrypted message with the reader at 9600 baud. The four cryptographic exchanges the vendor had the device performing took a total of six seconds, and none of our customers liked it. For a transit system to be effective, a crowd of people needs quick throughput, and even waiting two seconds each for a card to authorize might be a deal breaker.

    So you really have two choices: great security that is slow and expensive, or good enough security that's fast and cheap, but you need a few more layers of it.

    The practical answer is to buy cards that are fast, cheap, and hard to clone (not impossible, just hard), and impose severe penalties for anyone using a cloned card. Put in fraud detection software and systems. Audit the riders occasionally (using police that you already have for safety reasons.) Run cameras (which they have for robberies anyway.) And make sure that fraudsters are prosecuted in the public square as a warning to others. This news article is actually a deliberate part of the security of their system.

    It's not that "it's more satisfying", it's simply more practical. (Other than the DEA and others "fighting the war on drugs", I've never met anyone in the criminal justice system who wants more laws for people to break so they can catch more bad guys - there are already more than enough real bad guys to go around.)

  14. Re:Quick question on Cracking Atlanta Subway's Poorly-Encrypted RFID Smart Cards Is a Breeze · · Score: 1

    In that article the politician was saying that fares are 30% of the revenue used to offset operating expenses, but that excludes any mention of servicing the mortgage on the capital investments, which he argues doubles the actual cost of a ride, meaning fares provide only 15% of the cost of the ride. (I think it's a poor argument, by the way, because it completely ignores the benefits produced by a functioning mass transit system, but that's a giant political debate that we don't need to have here.)

    The grandparent was asking "what percentage of the fares goes into collecting the fares?" I assume he's asking questions about the technology, such as installing card validators, issuing cards, having transit police perform random checks, maintenance on the readers, servicing the cash in the ticket machines, etc. For Metro Transit, non-fuel and non-payroll operating expenses are about 85%, meaning that the operating cost of everything else (utilities and other is 8.4% and central support is 6%) is 14.4%. No matter what, it's less than the amount of the fares. (I'm excluding transit police labor as they are needed for rider safety instead of just fare collection; even so, they're only about 1% of the labor.)

    So how does all this fit in with MiFare cards? Cards with better security would cost more - perhaps double the cost per card, and possibly an upgraded price for the turnstile software would be needed, too. But these criminals were caught with the current system, and after making only a few tens of thousands of dollars. The cost of reissuing new cards could easily go to a million dollars. So far, the cost of fighting fraudulent cards isn't worth the difference in price. Of course, if the criminals were making millions, and if they were never getting caught, then it would be worth the money to replace the cards. Just maybe not today.

  15. Re:Thanks for the links on Australian Icebreaker Tries To Get Through To Stranded Antarctic Research Ship · · Score: 1

    How many researchers in a 'shipload'?

  16. Re:bit of a tricky question with forums on Ask Slashdot: Getting an Uncooperative Website To Delete One's Account? · · Score: 1

    I understand your point, except I have yet to see an Internet forum posting that has the same preservation-worthy historical qualities as, say, the Flatiron Building.

    What would make more sense is for sites to have a retention policy. "We will delete posts older than five years, unless otherwise marked" or "all posts will be deleted after 365 days of inactivity of the poster's account." Really, it's almost all trash. Saving the lot of it for posterity is quite pointless.

  17. Re:call them on Ask Slashdot: Getting an Uncooperative Website To Delete One's Account? · · Score: 3, Informative

    Being nice is generally the key to resolving these things quickly and in your favor. Come in threatening lawsuits, and they'll ignore you until you actually engage a lawyer (at your own expense.)

  18. So to get this variety, what you really need is a network of volunteers with SDRs set up in listening posts around the globe. I think you'll get the most participation by making a solution as turn-key as possible for volunteers. Perhaps what you could do is to wrap up a software package that you could distribute to all these people. It could install the SDR drivers, and run the capture program on the appropriate frequencies. Set up a server where your volunteers can upload their captures. Set up the capture software to automatically upload the data to your server every 24 hours.

    You could even consider buying a volume discounted quantity of wideband SDR receivers and distributing them to promising volunteers. Once you're ready, advertise for help on ham forums, or ask for help on the amateur bands.

  19. Re:Understandable, but... on Surge In Online Orders Overwhelms UPS Christmas Deliveries · · Score: 2

    "Brown stands for the quality of our service".

    Actually, this is all part of Jeff Bezos' master plan. They wanted to place a lot of blame on the couriers today, so that the FAA will have no choice but to approve Amazon's request to fly drones next year.

    It's a conspiracy, I tell you! Soylent Brown is slow people!! ;-)

  20. Re:Jailbreakingg on The iOS 7 Jailbreak Fiasco · · Score: 1

    Despite the name, a rootkit does not generally refer to a generic "tool for getting root" on an unmodified device.

    A rootkit is a certain type of malware that hides itself inside the OS by modifying the OS, preventing userland views of its presence. For example, if you ask the OS for a list of files in a folder because you want to see if you have malware on it, the modified file system will conveniently skip listing the files containing the filesystem modifications. How is an anti-virus program supposed to scan for wormy.dll if the OS never tells it that wormy.dll exists?

  21. Re:I'm not Trolling I'm Rolling on The iOS 7 Jailbreak Fiasco · · Score: 5, Informative

    The line isn't that simple. iOS already knows when it's been jailbroken. There's even an API for that so that programs that deal with security can refuse to operate if they don't trust the environment. Square Payments won't let you read credit cards on a jailbroken device; AirWatch reports jailbreaking back to corporate servers (I keep an un-jailbroken device around just for reading company email); and even Skype pops up a warning dialog that says "this app is unsupported on a jailbroken device."

    Since Apple can detect a jailbroken phone, they could obviously take harsher actions themselves. They could shut the phone down, or make it rapidly eat batteries, or delete your accounts, or do any of a hundred different nasty things to the phone. But they don't. They have arrived at a somewhat unstable cease-fire with the jailbreakers. So Apple, in this weird way, actually has OS level "support" for being jailbroken. They don't treat us as criminals.

    And they need to. I own many different iDevices, but I wouldn't have even bought the second if I hadn't been able to jailbreak it. I won't upgrade iOS until there's an untethered jailbreak for it. I seriously never consider buying an iDevice unless I have high confidence that I can jailbreak it the day I buy it. It's all a part of making a deal with the devil: if Apple wants my money, they have to tolerate my jailbreaking their device. And I've heard that somewhere around 30% of iPhones are jailbroken -- that's just way too much money for them to walk away from.

  22. Re:Nice, but... on Evad3rs Announce iOS 7 Jailbreak For Latest Apple Devices · · Score: 1

    Furthermore, while the jailbreak is considered "untethered", that only means you can reboot the phone without requiring a USB cable to a host computer (an important requirement in my book.) But as far as I know most jailbreaks still initially require the user to connect a USB cable to the device to load a special boot loader that injects the exploit.

  23. Re:iOS 7.1 on Evad3rs Announce iOS 7 Jailbreak For Latest Apple Devices · · Score: 1

    The need is relative, of course. I have many Cydia apps that I refuse to give up, including several that are bought-and-paid-for. They include an outgoing firewall, tethering, various music and media controls, photos added to my contact list, PrivaCy, and many specific gestures to control things such as wi-fi and Bluetooth, all of which are banned by Apple.

    Even more of a factor is that I have no burning need to rush to iOS7. Most apps that require iOS7 simply don't offer anything compelling to me. I'm not all about the social media, so I don't have many of the popular apps like facebook or twitter installed. Honestly, if Windows phone supported the one important iOS database app I use, I'd consider jumping ship entirely (assuming Windows phones can be tweaked and/or hacked to do the same things, something I haven't needed to research yet.)

  24. Re:Possible countermeasure... on Indiana State Police Acknowledge Use of Cell Phone Tracking Device · · Score: 1

    All of them, AFAIK. Cell connections are like potato chips to the FBI - they can't stop at just one.

    Actually, that was the job of the old CARNIVORE system - to sniff all the data, but then to get rid of the data that didn't pertain to the target of the investigation. We all mocked it, but at least back then they were trying to respect the privacy of citizens. Nowadays, it's just easier to classify everything and not answer all those pesky questions.

  25. Re:Even in leaving he makes a prediction on Is Bruce Schneier Leaving His Job At BT? · · Score: 1

    A 70 bit asymmetric key is just as trivial as a 64 bit key - keylength.com won't even calculate an asymmetric key shorter than 384 bits, which it equates to 56 bit DES in 1981. I'm guessing based on the 24-graphics-card hash cracker's capabilities that he could factor this number in well under 1 second.