Slashdot Mirror


User: shawn2772

shawn2772's activity in the archive.

Comments · 618

  1. Re:We know the FBI *can* unlock it without help on Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com) · Score: 4, Interesting

    You didn't RTFA. The key that gets wiped is stored in flash. So you back up the flash, make your attempts, then restore the flash and try some more. Repeat until success.

  2. Re:Stop arguing about the details... on This Was America's Warmest Winter On Record (slate.com) · Score: 1

    That doesn't mean we can count on that to continue.

    No it doesn't. But there is no reason to mess it up.

    There is reason to fix it. I misspoke when I said we can't count on the stable period to continue. What I should have said is that we can count on it to end.

  3. If, eventually, a computer can do whatever a human can do, and do it better, what is the point of human existence?

    Man is that he might have joy.

  4. Re:Fire on How Sliced Meat May Have Driven Human Evolution (sciencemag.org) · Score: 1

    Knives don't really replace chewing, fire does that.

    Well, knives do make it a little easier to get the mammoth over the fire.

  5. Re:More should be worried ! on 1 in 3 Developers Fear AI Will Replace Them (computerworld.com) · Score: 1

    Don't worry - your time will come. :-(

    Double bah. I work with other engineers in their 60s and early 70s, all gainfully and productively employed writing code. My time will come when I choose to retire, and not before. Or maybe at some point I'll choose to move to management, but, again, not until and unless I decide to.

  6. Re:More should be worried ! on 1 in 3 Developers Fear AI Will Replace Them (computerworld.com) · Score: 2

    If you're over 30, you're far more likely to be replaced in the next 5-10 years by some wet-behind-the-ears punk than by a robot. And if you're in your 40s and still coding, the market says you're well past your "best before" date.

    Bah.

    I'm nearly 50, and if anything my marketability is growing faster than at any time in my career.

  7. Re:Stop arguing about the details... on This Was America's Warmest Winter On Record (slate.com) · Score: 1

    Earth's climate has never been particularly stable

    The stability of the last 10,000 years birthed civilization : http://www.skepticalscience.co...

    That doesn't mean we can count on that to continue. We know the entire planet has been covered in ice, and we know it's been much hotter than it is. We also know that it has changed very rapidly (much faster than what we're seeing now). We're probably capable of putting up with whatever it does without destroying civilization, but sufficiently large changes could be really hard to adapt to. Instead, we should stabilize it.

  8. Re:except.. on McAfee Says He Lied About iPhone Hacking Method To Get Public Attention · Score: 1

    How do you prove that the evidence was not altered if the original is destructed?

    Testing a DNA sample is also destructive, as are many other forensic tests. The key is that you have a disinterested technician performing the analysis, documenting each step in the process, and later testifying about it. If necessary, you can also keep recordings of the whole process, and subject those to chain-of-custody rules. If you really, really want to be careful, you allow the defense to provide their own expert witness who observes the entire process.

    In addition, the process I described specifically does not destroy the original. The flash chips with the original encrypted data are intact, and so is the shaved CPU with visible microfuses. A defense expert can actually reconstruct the extraction and decryption process. There's still the possibility that the bits you read out of the CPU actually weren't the key but some other random thing, which is where those information-theoretic arguments I mentioned come in.

    This is actually pretty easy to make ironclad, completely challenge-proof, and the fundamental ideas are no different from those used in any forensic analysis.

  9. Re:Ok, so... on New Smartwatches Allow Students To Cheat On Exams · Score: 1

    if the answer is not in the book, or computer or neighbor... then your teacher is just a sadistic asshole.

    Heh. My favorite math prof used to give "open anything inanimate", take-home exams. Each consisted of exactly eight problems, all of the form "Prove or disprove <statement>", and they were handed out on Monday of finals week, and due on Friday (some people asked for more time, but he said he didn't want to ruin our weekends). They were awesome, requiring deep understanding of the material but all of them were actually within the grasp of a good student. I never found any of them in any book; he created them all himself, I think. Most students only managed about 50%, but a few from each class managed 100% -- with 10+ hours of work.

    I don't think he was a sadist at all and definitely not an asshole. Those exams not only really showed who did and didn't understand the material, but they did an extraordinary job of cementing and combining the course's key elements in the minds of the students. Not as a replacement for homework, mind. If you hadn't been doing your homework there was no way you'd pass the exam unless you were a Ramanujan or something.

    I thought they were also great fun. I remember endless hours of staring at the ceiling while rotating the pieces around in my head, until finally they clicked and I saw how to prove the statement or construct a counterexample. My wife (just recently married) was startled the first few times I shouted "YES!" and started jumping up and down after hours of staring and aimless pacing, interspersed with occasional scribbling. She got used to it, though. Thinking back makes me want to go take some more classes from him (we remain friends today, some 25 years later).

  10. Re:Stop arguing about the details... on This Was America's Warmest Winter On Record (slate.com) · Score: 1

    take the next steps I say "next"

    I hate it when punctuation marks randomly disappear from my posts.

  11. Re:Stop arguing about the details... on This Was America's Warmest Winter On Record (slate.com) · Score: 1

    If there is a warming trend, human caused or not, we should be dealing with the evacuations and necessary work to deal with rising sea levels.

    And we should be researching methods for cooling the planet.

    Earth's climate has never been particularly stable. Unless we want to be forever dealing with its fluctuations we need to learn how to engineer the climate we want. Now seems like a perfect time to take the next steps I say "next" because we've already taken the first steps; we've learned how to warm the planet, though perhaps not in the most controlled or efficient way.

  12. Re:Free Sea Food Buffet on Fighting Food Poisoning In Las Vegas With Machine Learning · Score: 1

    Confirmation bias, plus a common third factor: both Chinese restaurants and animal hospitals seek low-cost commercial real estate, so they end up in strip malls.

  13. Did anyone else get annoyed while reading the summary that the number of workers who received (trivial) radiation doses is 32760, rather than 32768? I mean, it's so close to a very nice, round number, but not quite there.

  14. Re:Was Google+ really so bad? on 4chan Founder Chris Poole Will Try To Fix Social At Google (techcrunch.com) · Score: 5, Insightful

    The part that is fundamentally wrong, is the whole real name thing.

    That makes no sense. If that were the issue, why is Facebook successful? Google+ rolled back the real name policy after a year or so, while Facebook has kept it, and yet Facebook is huge.

  15. Re:Goggle+ is horendous on 4chan Founder Chris Poole Will Try To Fix Social At Google (techcrunch.com) · Score: 0

    Another viewpoint: I really like Google+. It's by far my favorite "social" network. I put social in quotes because I think the key thing to understand about Google+ is that it isn't a social network so much as it's an interest network. It is for me now what USENET was 20 years ago, the place I go to talk to like-minded people about the things I'm interested in. It's better than USENET, though, because most of the newsgroups didn't have the moderation features needed to keep the signal to noise ratio high. I find I have a lot of really great conversations on G+.

    I saw a post (on Google+, actually) that captured it pretty well: Twitter is for following celebrities. Facebook is for following your family and friends. Google+ is for following your interests. I also use it a little as a social network, but mostly I'm in a bunch of communities and follow a bunch of people who do and talk about things I find interesting. Relatively few of them are people I've ever met in real life. However, there are a handful of people I met through G+ who have become really good friends. We've met in real life, and even hung out with each others' families and stayed in each others' homes when traveling. That's a strong indicator of the depth of conversations that I have on G+.

    Full disclosure: I'm a Google engineer, so I have a bias in favor of Google products. I also have a deep dislike of Facebook which probably isn't entirely rational any more. I say "any more" because that dislike is based largely on things Facebook did in the past and which I don't think they'll do again. I will probably give Facebook another shot, because it's the way my extended family stays in touch (lots of them are also on G+, but I think that's mainly because I am).

  16. Re:except.. on McAfee Says He Lied About iPhone Hacking Method To Get Public Attention · Score: 2

    the whole point of the FBI query is so they can maintain a legal chain of evidence in extracting the data. Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.

    Cite?

    I see absolutely no reason that disassembling the hardware breaks the chain of evidence. Said disassembly just has to be done by experts who will testify to the steps they used to extract the data and that the device was not out of their control. The NSA might not want to testify to the means used, I suppose, but I don't see why not because this is a really straightforward process. It requires specialized skills and tools, but nothing not present in many university research labs.

    1. Remove the flash chips and connect them to a controller to copy the contents (which are encrypted).
    2. Remove the CPU, and shave off the cladding to expose the silicon wafer inside.
    3. Shave layers of silicon off to expose the non-volatile storage containing the key (likely micro fuses, which are relatively large compared to other features).
    4. Use an electron microscope to read out the key bits.
    5. Combine all possible passwords with the key bits in the manner done by Apple's software to produce all possible candidate encryption keys.
    6. Perform trial decryptions of the data obtained in step 1 with all of the keys to see which one works. Or Apple may have another mechanism to determine if the key is correct[1].

    There's nothing here that requires secret knowledge, and nothing that would somehow break the chain of custody. Before you can do this on the target phone you need to do it on a few others so you can identify the location of the key in the silicon. After you're done, you may also need to make some information-theoretic arguments about the possibility that you screwed up and found something that wasn't the key but still produced plaintext that looked like actual data. Those are very easy.

    So, no, this isn't about chain of evidence. For that matter, it's unlikely that any data on the device would ever be used to prosecute anyone anyway. The (purported) goal here is to get leads that may identify other conspirators, and if that were to happen it would almost certainly be other evidence, found as a result of following those leads, that would be used to prosecute the other conspirators. The "fruit of the poisoned tree" issue that comes up with illegally obtained information wouldn't apply, because the leads wouldn't be illegally obtained. There are no legal obstacles to the FBI extracting whatever they can get out of this phone.

    [1] A common technique to determine whether the password-derived key is the correct one is to store a secure hash of the derived key alongside the encrypted data. This makes it easy to check whether the derived key is the correct one, but unless the hash is broken to the point of being reversible doesn't provide an attacker with significant information about the key, especially if the hash space is significantly smaller than the keyspace (e.g. 32-bit hash of a 256-bit key). Android device encryption uses this technique to check if your entered password was correct.
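
Added example, not part of the original comment and not Apple's or Android's code: a sketch of the key-check technique from footnote [1], with a passcode-derived key bound to a device secret, plus the false-accept arithmetic behind the "information-theoretic arguments" mentioned above. The PBKDF2/HMAC construction, the iteration count, all function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

CHECK_BYTES = 4  # 32-bit check value, the size used in the footnote's example


def derive_key(passcode: str, device_key: bytes, salt: bytes,
               iterations: int = 10_000) -> bytes:
    """Assumed scheme: stretch the passcode, then bind it to a device secret."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations)
    return hmac.new(device_key, stretched, hashlib.sha256).digest()  # 256 bits


def check_value(key: bytes, nbytes: int = CHECK_BYTES) -> bytes:
    """Truncated hash of the derived key, stored beside the ciphertext."""
    return hashlib.sha256(b"key-check" + key).digest()[:nbytes]


def enroll(passcode: str, device_key: bytes, salt: bytes) -> dict:
    """Record written at setup time; it holds no key material itself."""
    return {"salt": salt, "check": check_value(derive_key(passcode, device_key, salt))}


def verify(passcode: str, device_key: bytes, record: dict) -> bool:
    """Re-derive the key and compare check values in constant time."""
    key = derive_key(passcode, device_key, record["salt"])
    return hmac.compare_digest(check_value(key, len(record["check"])), record["check"])


def expected_false_accepts(wrong_keys: int, check_bits: int) -> float:
    """Each wrong key passes a b-bit check with probability 2**-b."""
    return wrong_keys / 2 ** check_bits


def remaining_key_bits(key_bits: int, check_bits: int) -> int:
    """Keys consistent with the stored check: about 2**(key_bits - check_bits)."""
    return key_bits - check_bits


def observed_false_accepts(real_key: bytes, wrong_keys: int, nbytes: int) -> int:
    """Count constructed wrong keys that still match the real key's check value."""
    target = check_value(real_key, nbytes)
    hits = 0
    for i in range(wrong_keys):
        wrong = hashlib.sha256(b"constructed-wrong-key" + i.to_bytes(4, "big")).digest()
        if wrong != real_key and check_value(wrong, nbytes) == target:
            hits += 1
    return hits


# Constructed sample values, not taken from any real device.
DEVICE_KEY = bytes(range(32))
SALT = b"constructed-salt"

if __name__ == "__main__":
    record = enroll("4821", DEVICE_KEY, SALT)
    print("correct passcode:", verify("4821", DEVICE_KEY, record))
    print("wrong passcode:  ", verify("4822", DEVICE_KEY, record))
    print("other device key:", verify("4821", bytes(32), record))
    real = derive_key("4821", DEVICE_KEY, SALT)
    print("8-bit check, 65536 wrong keys pass:", observed_false_accepts(real, 65536, 1))
    print("expected:", expected_false_accepts(65536, 8))
```

The 8-bit run shows why a short check value alone cannot prove a key is correct, while the 32-bit size from the footnote still leaves about 2^224 keys consistent with the stored value.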

  17. Split phase on Google Challenge Results In Astoundingly Efficient Inverters · Score: 5, Interesting

    Another nice improvement the winners made above the requirements was that Google asked for 230 or 240 VAC output, but the winning device provides 240 VAC split phase, which means it can also be used to provide two legs of 120 VAC. Not that it's terribly hard to add a 240 VAC -> 120 VAC transformer, but with this design there's no need.

  18. Re:Are you separarting? on Anonymous Hacks Donald Trump's Voicemail and Leaks the Messages (betanews.com) · Score: 1

    Can't take time away from licking your corporate master's boots to use their search engine, huh? Here, I'll help you:

    Sadly, there's no LMGTFY for Scholar.

    Snark aside, it's rather hilarious that none of the hits for that search say what the GGP said.

  19. Re:Does this happen often? on Scuba Diver Survives Being Sucked Into Nuclear Plant (nydailynews.com) · Score: 2

    the 0.00000000000000000000000000000000000000001%

    I somehow missed that there were ten tredecillion (10 billion trillion trillion trillion) people on the Earth[1]. That's 20 nonillion people per square meter of land area, and at the average human mass of 62 kg, means the human population of Earth masses 530 times as much as the galaxy! Damn. Population growth is really out of control.

    I get that you were exaggerating for effect, but learn something about large/small numbers, will you? Exaggerating by a couple orders of magnitude is fine, but 35 orders of magnitude is just ridiculous.

    [1] Note that this figure assumes that there is only one person in existence who would do this, which would be wildly optimistic even if this incident were unique, which it isn't.

  20. Re:Are you separarting? on Anonymous Hacks Donald Trump's Voicemail and Leaks the Messages (betanews.com) · Score: 3, Insightful

    Don't listen to just me, several studies and reports have said what I'm about to say, including an Ivy league school.

    Cite?

  21. Re:Nuclear weapons aren't the deterrent on Kim To N. Korean Military: Be Ready To Use Nuclear Weapons At Any Time (reuters.com) · Score: 1

    You sure? He's friends with Dennis Rodman.

    Enough said.

    Did you miss the part of the GP that mentioned using bizarre behavior as a negotiating tactic?

  22. Re:What a crock on Godfather Of Encryption Explains Why Apple Should Help The FBI (bgr.com) · Score: 4, Insightful

    To wit the answer must be: "We re-architected our security hardware and no longer possess the *capability* to circumvent query limit and delay."

    They probably already did this in the 5S and later. The 5C does not have the "secure enclave" chip, which means there is no secure hardware on the device, all of the security is implemented in software.

    Also, it should be pointed out that the signed software approach is quite secure against anyone who doesn't have the software signing keys, or the capability to compel the holder of the signing keys. That's actually just fine if the goal is to defend the data from access by private snoops (e.g. spouses, even technically sophisticated ones, corporate espionage, etc.) and criminals.

    Consumer devices will never be secure against state actors with unlimited funds and sufficient motivation (e.g. NSA, GCHQ, Mossad, etc.), so really the only cases where the approach is inadequate are cases where (a) the owner of the signing keys (Apple) wants the data or (b) a government with the power to compel the owner of the signing keys wants the data. Apple has no reason to prevent their own ability to circumvent (though they do need to protect against use of this ability by rogue employees), since they know their financial interest is strongly on the side of securing the data, and legitimate companies generally do not expend effort on securing data against law enforcement officials of democratic regimes that have due process and rule of law.

    Indeed, although the 5S and the 6-series probably do make it impossible for Apple to comply with similar demands for those devices, I really doubt that was the rationale for adding the security chip. I'm the lead engineer for similar components on Android, and while I've been pushing to include a secure element chip for some time, the rationale has never been to keep US courts from being able to compel access, it's always been about strengthening security against corporate espionage (which signed software solutions do address, but not completely) and to make penetration costlier for oppressive governments and intelligence services. I say "costlier" since they can't really be kept out completely.

    I'm not certain that the secure enclave actually keeps Apple from being able to comply with this sort of request, either. I expect that the software in that device is also field-upgradable, since there are compelling practical and security reasons for enabling upgrades. Bugs are always a risk, and being able to fix them is a really good thing. But if the software can be upgraded, then it can be "upgraded" to remove security features. This can be limited in various ways; it's common, for example, to have secret keys burned into hardware which simply cannot be extracted by software because the software never has direct access to them, and any security that derives from the secrecy of such keys can't be subverted by software changes. But brute force mitigation possibly can be upgraded away, even with the secure enclave chip.

    The bottom line here is that these are really hard engineering problems. Not that it's hard to design so that key components are non-updatable... that's easy. But it's also very risky, because it leaves you without any options when said components turn out to have problems. I think it's flat wrong to characterize Apple engineers' failure to secure the 5C against Apple as any kind of incompetence, which is your clear implication.

  23. Re:What about "Import Grade" on FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't (csoonline.com) · Score: 1

    Cryptography advances outside of the US made the point moot by early nineties, and the export-restrictions were dropped. But they weren't "stupid" — except, maybe, for the very last year or two.

    Yes, they were stupid. There were no significant cryptographic primitives in use in the US about which full details hadn't been published, or indeed, of which implementations weren't available worldwide. Many of the "export-grade" ciphers were the same ciphers used in the US, just with arbitrary restrictions on key length.

    There was no point in time where encryption tools available to US corporations and citizens were significantly better than tools available outside of the US.

  24. Re:A sprat to catch a mackerel on Justice Dept. Grants Immunity To Staffer Who Set Up Clinton Email Server (washingtonpost.com) · Score: 1

    That was kinda my point; the poor sap has done nothing wrong but still feels the need to go for "immunity".

    The poor sap has no idea if he did anything wrong. He knows he never intended to do anything wrong but who knows what mistakes he might have made, or what things he might say that could be used to find something against him? https://www.youtube.com/watch?...

    Alternatively, maybe it wasn't that he felt he needed immunity, but he just didn't want to talk. Without immunity, he could always just plead the fifth, saying that he didn't want to talk on the grounds that he might incriminate himself (see previous point... he doesn't actually have to believe he did anything wrong for it to be the case that he might incriminate himself). By granting him immunity, the DoJ removes his ability to refuse to testify. If he won't tell them what he knows now, they'll haul him in front of the judge and have him up on contempt charges.

    How fucked-up a "justice" system is that?

    I don't see how any system could be significantly different in this respect without being worse. The laws and regulations could be simpler, which could make it easier to know if you've committed a crime, but, as the ultimate example in that video I linked points out, that really doesn't matter. Something which is absolutely true and could not possibly incriminate you could still cause you trouble in court (see 21:35 in the video).

  25. Re:Buffer Sees Clear Benefits To Transparent Emplo on Buffer Sees Clear Benefits To Transparent Employee Salary Policy · Score: 1

    Buffer Sees Clear Benefits To Transparent Employee Salary Policy

    We now have intelligent buffers handling HR stuff? Cool.

    The summary doesn't make it very clear, but they're talking about Emacs buffers, using hr-mode 6.2.9 (though XEmacs users are stuck on 5.9.x, because 6.0 introduced a reliance on an obscure new feature of Tramp which doesn't work on XEmacs yet). Supposedly 6.3 will bring integration with org-mode and ceo-mode, allowing essentially all business operations to be automated. That's been promised for years now, though, so I'm not holding my breath.