You never want people to know your private stuff. And if it's only that you're utterly boring.
The point is: try to minimize the number of mistakes you can make. Defaults of "encrypt everything" and "backup everything" do not hurt. And security experts should have considered this.
> There is no expectation to privacy if you are using a device other than your own.
This isn't true. Of course you have a way worse standing on a stolen laptop than when you use another PC without committing a crime first, but the owner is still not allowed to do this.
> He didn't "hack the account" as far as I could tell, by the way. It sounded more like a remote desktop thing.
And exactly this is something you are not allowed to do. Even at the workplace, this is only allowed if it is explicitly stated in your contract. Else you have an expectation of privacy.
And the court... I guess the thief will not try to sue you, but he could. Another thought... if you use these sessions as proof, aren't they fruit of the poisoned tree? I am not that used to this.
Yeah, of course there is a great overlap. The trade-off is that you need an art to have beautiful code, but you need craftsmanship to decide NOT to use the elegant code, but the fast one. Or not to write a clever loop with pointer calculations, but just copy&paste the line three times. You always need to decide if there's the place for the most beautiful code or for one that works and can be understood without having read many CS books.
Wasn't Knuth the guy who wrote "I did not test it, I only proved it to be correct"? The craftsman looks at it and when it looks like it's correct, he tests it. The artist creates a proof, but when you use his code you need to see the pitfalls yourself, when you want to extend his great ideas.
It's a bit complicated depending on what and how it is done and what the intention is. For example if somebody checks his e-mails on your pc, that's no argument that you may log his password. Even when it's your pc.
> You see it doesn't matter that it is a crime, for most people it only matters if you will be persecuted for the crime, which is not a problem here.
This may be true, but what they are doing is still illegal and there is no minus by minus is plus rule for crimes.
> Stealing the laptop is a crime. Remotely accessing the thief's facebook account is a crime.
This.
> So my next thought was perhaps you are just morally against crimes being committed as the basis for your post.
I am against using one crime to justify another and I am against self-justice. I am not against the prosecution of any of the two crimes.
> Perhaps you feel it is to take place of a warning to the laptop owner, although I think we both know he will not actually see your post most likely.
People who may think they do the same when their laptop is stolen may read it. But this doesn't really matter, we're here for discussion, not for personal advice. Most of the time.
> So could you enlighten us on the actual purpose of your post, so assumptions don't need to be made?
If you want enlightenment, I recommend being religious ;-)
I set the "hacking" in quotes, but the important part is that you're not allowed to use the account. Just because I don't lock my door, you are still not allowed to steal my stuff.
The rpi does not have USB at all. It emulates it on the processor level, which is why it's slow and unstable. I guess USB3 will never be possible this way.
And of course usb3 specs allow a lot more power over usb, which isn't possible with a pi.
No, the problem is, you try to separate what seems important and confidential to you. And there is the mistake. Because it requires you to think about what's confidential all the time.
Why would you encrypt /home and not /? Is there any reason preventing / encryption? No.
So you install your system, make a checkmark at "full encryption" and enter a reasonable password (here you can make tradeoffs and choose one you can remember without tools). Next you don't need to think too much while using it. Your top-secret documents stay at your most secure system, but that's obvious. But reading some private e-mails won't hurt now, because if they are left in the cache in your firefox profile or in the swap space or in some automated backups ... they are all equally on an encrypted disk.
Good security lowers the amount you need to think about it. If you need to decide what ends up in your backup, you may forget something important. If you backup everything, you will have everything and cannot forget something important. The same applies for encryption.
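An added example (not part of the original comment) of checking the layout argued for above: it walks `lsblk --json -o NAME,TYPE,MOUNTPOINT` style output and lists every mountpoint or swap area that has no dm-crypt layer above it. The two device trees are constructed samples, and exempting `/boot` is an assumption about a typical installer layout.

```python
import json

def unencrypted_mounts(lsblk_json, allowed=("/boot", "/boot/efi")):
    """Return (device, mountpoint) pairs with no 'crypt' device above them."""
    findings = []

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mp = node.get("mountpoint")  # swap shows up as "[SWAP]"
        if mp and not under_crypt and mp not in allowed:
            findings.append((node["name"], mp))
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return sorted(findings)

def dev(name, typ, mountpoint=None, children=()):
    # Helper to build constructed sample trees in lsblk's JSON shape.
    return {"name": name, "type": typ, "mountpoint": mountpoint,
            "children": list(children)}

# Constructed sample: only /home is encrypted, / and swap are plaintext.
HOME_ONLY = json.dumps({"blockdevices": [dev("sda", "disk", children=[
    dev("sda1", "part", "/boot"),
    dev("sda2", "part", "/"),
    dev("sda3", "part", "[SWAP]"),
    dev("sda4", "part", children=[dev("home_crypt", "crypt", "/home")]),
])]})

# Constructed sample: everything except /boot sits on one encrypted volume.
FULL_DISK = json.dumps({"blockdevices": [dev("sda", "disk", children=[
    dev("sda1", "part", "/boot"),
    dev("sda2", "part", children=[dev("root_crypt", "crypt", children=[
        dev("vg-root", "lvm", "/"),
        dev("vg-swap", "lvm", "[SWAP]"),
        dev("vg-home", "lvm", "/home"),
    ])]),
])]})

if __name__ == "__main__":
    for label, sample in (("home only", HOME_ONLY), ("full disk", FULL_DISK)):
        print(label, unencrypted_mounts(sample))
```

With only /home encrypted, the browser cache may be covered but swap and anything written under / are not, which is the gap the comment describes.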
What's your point? It's not legal either. Call it what you like. Hacking or similar verbs are what judges say when they hear that somebody does this remotely.
But craftsmanship.
If he's a computer security expert, he knows that there is no such thing as "non security relevant pc", because you always leave traces of your personal data (and if it's only your favourite gaming site).
Even when the laptop is stolen, "hacking" the thief's facebook account and monitoring the computer usage of other people (without some work contract allowing this) is a crime.
And 68% thought, that admitting to watch pirated content could get them sued.
... why they are valued $5 billion?
What WhatsApp does is reducing their E2E security to the security level of TLS. This means nobody can read the content except the server. With TLS, because it's plaintext there, with WhatsApp because they can change the crypto keys and nobody cares (and most people do not even see the message).
When you accept that it's only transport security but not end-to-end anymore, you can use a lot more messengers, as most use TLS (i.e. because Apple forces them to do so).
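An added sketch (not from the original comment and not WhatsApp's code) of why the handling of a changed key decides whether a messenger is end-to-end or only transport-secure: a trust-on-first-use pin store that either silently accepts a new server-supplied identity key or blocks sending until the fingerprint is confirmed out of band. The class, method names and key bytes are hypothetical.

```python
import hashlib
import hmac

def fingerprint(identity_key: bytes) -> str:
    return hashlib.sha256(identity_key).hexdigest()

class PinStore:
    def __init__(self, block_on_change: bool):
        self.block_on_change = block_on_change
        self.pins = {}      # contact -> pinned fingerprint
        self.pending = {}   # contact -> new fingerprint awaiting verification
        self.log = []       # key-change notices shown to the user

    def may_send(self, contact: str, server_supplied_key: bytes) -> bool:
        fp = fingerprint(server_supplied_key)
        pinned = self.pins.get(contact)
        if pinned is None:
            self.pins[contact] = fp          # trust on first use
            return True
        if hmac.compare_digest(pinned, fp):
            return True
        self.log.append(f"identity key for {contact} changed")
        if self.block_on_change:
            self.pending[contact] = fp       # hold until verified
            return False
        # Accepting here means whoever controls key delivery picks the reader.
        self.pins[contact] = fp
        return True

    def confirm(self, contact: str, fp_read_out_of_band: str) -> bool:
        new = self.pending.get(contact)
        if new and hmac.compare_digest(new, fp_read_out_of_band):
            self.pins[contact] = self.pending.pop(contact)
            return True
        return False

def demo():
    # Constructed key material, for illustration only.
    real_key, swapped_key = b"constructed-key-alice", b"constructed-key-from-server"
    results = {}
    for name, block in (("accept", False), ("block", True)):
        store = PinStore(block)
        first = store.may_send("alice", real_key)
        after_swap = store.may_send("alice", swapped_key)
        results[name] = (first, after_swap, len(store.log))
    return results

if __name__ == "__main__":
    print(demo())
```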
Have a look at mailbox.org. The people there are really competent for mail. posteo is another good option, they e.g. published their dovecot plugin to decrypt mails on access to store them safely.
Put some javascript in your page and let google host a copy of your page.
AMP done right:
Restrict to a subset of HTML without scripts, canvas, etc. and rely on mobile browsers to optimize for it. If you want to, introduce a new doctype for AMP-HTML.
Of course. So put the urls YOU deem relevant into your resume.
Nope. Just open two terminals:
$ nc -vlp 2000 #first terminal
$ nc 0.0.0.0 2000 # second terminal
listening on [any] 2000 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 47888
Javascript is usable and okay for client side scripting, but the "why it works the way it does" isn't reasonable in many many cases. You get used to it, you can work with it and it's not too hard to remember the WTFs, but they are there. Seems the WtfJS page is down, but there are many interesting things in js, like weird truth tables and so on. Somebody even proved that you can convert any script into a series of special characters like [](); without any letter a-z to avoid detection when trying xss.
It doesn't really matter. But on github you have a chance they find them by themselves.
If you want to put them in a resume, just put all relevant urls there. The really relevant stuff doesn't need a url anyway, because they already know the name of the software.
Then you can pay someone who can or learn to code. Coders did the same. For the same reason ... they wanted some software they could not create without coding.
Go and make some offer to pay somebody to do it. Then you will get it and you can decide to open source it.
Or are you asking for free work done for exposure?