Slashdot Mirror


User: cryptizard

cryptizard's activity in the archive.

Stories: 0
Comments: 1,189

Comments · 1,189

  1. The one thing I don't understand about warrant canaries is, what is the end game? Suppose I am a company that makes some kind of security product and I have a warrant canary posted on my website. If the government really doesn't like what I am doing they can just rustle up a warrant to get something from me, then I take down the canary and everyone stops using my system, effectively destroying it. How does that help anyone? It just exposes an easy button to DoS you.

  2. I hope you aren't using Linux then because a large part of the kernel was written by the NSA.

    There are plenty of well tested, strong crypto systems that were developed independently of them to choose from.

    Which are these exactly?

  3. Re:Why isn't symmetric crypto threatened by quantu on America's NIST Seeks Public Comments on Cybersecurity and Cryptography (thehill.com) · · Score: 4, Informative

    Symmetric ciphers like AES are constructed in a fundamentally different way compared to public-key ciphers. Symmetric ciphers rely on confusion and diffusion, shuffling and mixing the bits of the input in such a way that it is very difficult to recover the plaintext unless you know the key that parameterized the process. Security is based on the complexity and non-linearity of the operations, but they are essentially very "messy" in how they transform plaintext into ciphertext. Take a look at a diagram describing AES and you will see what I mean.

    Public-key ciphers on the other hand are conceptually simple but rely on the hardness of some fundamental mathematical operation, e.g. factoring, discrete log, etc. It turns out that there are quantum algorithms to solve some of these problems efficiently. It also turns out though that there is something called Grover's algorithm, which actually does let quantum computers break symmetric crypto faster than a standard computer. Fortunately, it only turns O(N) work into O(sqrt(N)), which is not that bad. Effectively this means that AES-128 only has 64 bits of security against a quantum computer, and AES-256 only has 128 bits.

  4. Re:TOR was developed by... on Tor Promises Not To Build Backdoors Into Its Services (engadget.com) · · Score: 1

    Did you know that a large part of the Linux kernel was developed by the NSA? Sometimes government organizations actually do things to help their citizens, as is their mandate. The source code for both is available for you, and everyone else, to peruse if you don't trust it.

  5. Re:Hours or days vs. nanoseconds to spy on Microsoft Disables RC4 In Internet Explorer 11 and Edge (winbeta.org) · · Score: 4, Insightful

    Pretty sure most people are worried about attackers other than the government.

  6. Uncrackable DRM on EFF Asks FTC To Demand 'Truth In Labeling' For DRM (techdirt.com) · · Score: 1

    This is an especially important topic given that new technology like Intel's SGX processors stands to allow 'uncrackable' DRM. Current DRM is like hide and go seek: parts of the software are encrypted on the disk and the decryption routine is obfuscated and hidden in the binary to make it as difficult as possible for people to intercept the key and copy it. However, up until now, at the end of the day there has to be an encryption key somewhere that decrypts the software to run on your machine.

    SGX, on the other hand, allows encrypted code to run in a hidden 'enclave' on your processor that cannot be observed even by the operating system. The key can never be observed in the clear, unless the physical protections imposed by Intel are circumvented. That is not to say that there won't be some vulnerability or exploit against SGX that might let people break into it, but for the first time there will be the possibility of theoretically uncrackable DRM.

  7. Re: He didn't "build" anything on Online Fame Distracts 9th-Grader Who Built That Clock Mistaken For A Bomb (washingtonpost.com) · · Score: 1

    lol okay, good stuff dude. That's actually called fascism. It sounds like you might fit better in North Korea, have fun we won't miss you.

  8. Re:He was an evil little jihadist on Online Fame Distracts 9th-Grader Who Built That Clock Mistaken For A Bomb (washingtonpost.com) · · Score: 1

    That link doesn't work, and also come on just reading the title makes me vomit in my mouth a little.

  9. Re:He didn't "build" anything on Online Fame Distracts 9th-Grader Who Built That Clock Mistaken For A Bomb (washingtonpost.com) · · Score: 1

    So you are saying that the adult cops were outsmarted by a 14 year old, and that we should not put any blame on them?

  10. Re: He didn't "build" anything on Online Fame Distracts 9th-Grader Who Built That Clock Mistaken For A Bomb (washingtonpost.com) · · Score: 3, Interesting

    It is more about it being the rule that when a police officer kills an unarmed black man they are almost never held accountable. That is a rule. You can argue a case here or a case there, but it is literally almost unheard of for a police officer to be fired let alone prosecuted for killing an unarmed black person. Even when they are caught on video using an illegal choke hold against a man who is not resisting, or shoot a guy trying to pull out his wallet after he said "I am about to pull out my wallet."

  11. Re: He didn't "build" anything on Online Fame Distracts 9th-Grader Who Built That Clock Mistaken For A Bomb (washingtonpost.com) · · Score: 1

    You might consider moving to North Korea, their justice system seems to align a lot closer with your world view. Fortunately in the US that is not how we do things.

  12. Re:Certificate Transparency? on The Dark Side of Certificate Transparency (sans.edu) · · Score: 1

    I imagine the standard will account for this by only subdomains lower than whatever the level of an "owned" domain is, but thanks for pointing it out!

  13. Re:Certificate Transparency? on The Dark Side of Certificate Transparency (sans.edu) · · Score: 1

    The proposal is to redact subdomains in the certificate log. That won't impact security at all, but will solve this problem. You can still see if a CA issued a certificate for a domain that they shouldn't. The only time this could lead to confusion would be if you own a domain for which you have multiple subdomains with certificates signed by different authorities, which probably doesn't (or shouldn't) happen.

  14. Re:solving the wrong problem on The Dark Side of Certificate Transparency (sans.edu) · · Score: 1

    I take it you are the one that posted a reply on the SANS site about okTurtles? You should probably know how it actually works before you endorse it because it is broken, according to Namecoin developers who make the technology that it uses.

    Second, you are effectively posting off-topic because a blockchain solution will not address the problem from the article AT ALL. Namecoin, on purpose, makes all of the certificates public. Certificate transparency is a key feature of any blockchain-based solution. People will still see all the domains for which certificates have been issued.

  15. What are you even referring to? I have no idea who you are talking about.

  16. It's really easy to say that when you are among a segment of the population that is targeted the least. I don't think that you deserve to be judged based on your beard, but remember that you can shave that if you want. Black people can't turn their skin white. Anything you could be judged on also applies to others, but they have to ALSO deal with racism, sexism, etc. Accept that you will never know what it is like to be a minority and move on to trying to empathize.

  17. Nothing in society today can be described as "natural". Most people defy 10 laws of nature before breakfast. Societal norms and expectations are created by us, and can be changed by us. Women are prevalent in some professions because they have been told their entire lives that those are proper jobs for women, then all their role models have those professions so the cycle continues. In your parlance, it is not natural selection but selective breeding.

  18. Re:Why don't more men take advantage of this? on Apple Makes Slight Progress On Diversity While Its Rivals Are Making Practically None (macrumors.com) · · Score: 1

    Because, believe it or not, people don't pretend to be other genders so they can peek on people in the bathroom or get some type of slight societal advantage. Also, tell me with a straight face that you would rather be a black woman than a white man in America today.

  19. Who said anything about legally?

  20. You don't see discrimination because you aren't the one being discriminated against. It is not like a professor will say, "women shouldn't be programmers and I hate black people," although I have actually heard one say that women weren't as good at programming as men and also another actually tell a student that they shouldn't pick a Chinese person for a partner in a class project. It is more often small microaggressions that make the classroom into an uncomfortable place: making a sexist joke because the professor is used to classrooms with only male students, not calling on minorities because he has an unconscious assumption that they don't know the answer, disparaging students when they have problems understanding, etc.

  21. Re:Rule of thumb: believe the man on Tor Project Confirms Sexual Misconduct By Developer Jacob Appelbaum (theverge.com) · · Score: 1

    You realize that the guy you are referencing just went to Wikipedia and copied a number of studies that appear to support his claim, without including the overarching summary written there that basically said, "these studies are examples of bad science." Think for yourself some time maybe.

  22. Re:Rule of thumb: believe the man on Tor Project Confirms Sexual Misconduct By Developer Jacob Appelbaum (theverge.com) · · Score: 1

    It's nice that you pulled the papers from Rumney (2006) that agree with your worldview, but you ignore the actual conclusions from that meta study itself. Police judgement of "no crime" does not mean that it was a false accusation, only that they chose to stop investigating it. That could mean there wasn't enough evidence, or the police arbitrarily decided they didn't give a shit (which is why all the studies you link are quite old, when rape was taken less seriously). There is no way to judge from those studies what the rate of false accusations is. Nice try though. I especially like the part where in the Maclean study he deems one instance a false allegation because the victim didn't look "disheveled" enough to have been raped. Solid science there.

  23. Re:Hatchet jobs aside on Tor Project Confirms Sexual Misconduct By Developer Jacob Appelbaum (theverge.com) · · Score: 1

    But they replaced the board with a bunch of people that are well known proponents of privacy and not exactly friends of the federal government...

  24. Re:"Sexual mistreatment"? on Tor Project Confirms Sexual Misconduct By Developer Jacob Appelbaum (theverge.com) · · Score: 1

    Because they're making a claim of criminal guilt

    Where did they say that?

  25. Re:Hatchet jobs aside on Tor Project Confirms Sexual Misconduct By Developer Jacob Appelbaum (theverge.com) · · Score: 1

    You are clearly not familiar with Bruce Schneier.