Some time ago (circa 2006) I was a sysadmin in some quite big Russian medical organization. And the org was obliged to send an encrypted and signed mail to it's bank.
You possibly understand what kind of people the Soviet bookkeepers are, so it was necessary to "train them specially"(c). And in this process I have discovered that the key is not generated by client and then signed by authority. It is both generated and signed by authority.
I understand that the only purpose of it was a transport encryption and nobody ever will generate false letters. Nevertheless, it means that you should either review the key procedures yourself or considerably diminish your trust in them.
Daddy drinking vodka and beating the wife and kids has a better chance to vote politically correctly. You understand. The sober daddy loving his relatives makes too much damage with his ballot.
It's so. March 7, 2013 Gosduma (State Duma) has been named Gosdura (State Dumbass) by TVman Pozner in liveTV transmission. And this name came to our lexicon.
She may not go and do a non-traditional sex, sex with a non-traditional partner or a sex in non-traditional position since her previous law proposal banned just it. At least her speech in Duma has been understood just so.
And you ass clowns want to take control of TLD's away from ICANN
I personally don't care. There are 2 kinds of Internet activity. First one uses some domain names given by authorities according to specific rules and revoked or banned by censors. The second one uses cryptographic hashes as addresses and cannot be banned.
And the faster the censors kill the DNS the sooner the uncensorable Internet will appear.
What is wrong with "Committee on Family, Women and Children"?
That this Committee is a mask of "United Russia", universally named here "Party of Crooks and Thieves" (See Wikipedia article "United Russia" http://en.wikipedia.org/wiki/United_Russia
- we just use bad words as ordinary speech (My russkie matom ne rugaemsya - my matom razgovarivaem).
And all this curse-banning circus has the only purpose that isn't exposed: To promote Internet filters that will be (and are) used for any purpose THEY like. No wonder that I2P NetDB contains more Russian nodes than any other country's.
They cannot be cool. If "cool" means low temperature, then almost every computer I ever was able to test was cooler under FreeBSD than under Windows. The only notable exception was HP notebook with 2 video cards that was impossible to deactivate under X.
If the servers make something useful, then they also cannot be cool since cool means idle.
If "cool" means outstanding, then I believe that the only Microsoft thing that doesn't suck is a vacuum cleaner.
Let us calculate. I have no idea about US homes but I pay for apartment in Siberia where live my, say, cousins. I pay about 200 Roubles a month (about US$ 6.25 - US$ is about 32 Roubles). Tariff is 0.72 Roubles per kWh (about US$ 0.0225 per kWh). It amounts to 0.37 kW of average power consumption.
In comparison, PS of my computer is rated to 0.75 kW, and TDP of it's processor is 0.125 kW.
Seriously, in 90-s in Russia FreeBSD was the system of choice of ISP. Not Linux, not Microsoft. And I have read that once upon a time in 90-s the FreeBSD FTP site took world's first place in total download. The second place was taken by Microsoft site.
Hardware difference was shocking: FreeBSD was a quite old single processor Pentium Pro. It was housed in 5 ATX boxes, 4 of them were filled with SCSI HDD. Microsoft site was a complex of more than 50 computers. So I believe that FreeBSD is more than 50 times more efficient than Microsoft OS, in condition that both OS are serviced by properly educated personnel.
Returning to this article, I believe that 980000 Microsoft servers just waste energy, space and personnel resources. It's enough energy for 225400 US homes.
And all this will cost you 3-4 times more and take 3-4 times more place than a specialized device. Also, it will have 3 times more glitches that you will never be able to catch: the simple ADSL modem has NO RAM and ROM for alternative firmware. Then, TL-WR702N has only 2 MB flash. It means that you also cannot use any alternative firmware (it needs at least 4). You will be unable to use any functions that you cannot migrate from TL-WR to Atom.
Any model of router that has enough RAM and ROM and architecture supported by OpenWRT. It does NOT mean that you will really use OpenWRT but it means that you have at least one alternative firmware and the router is NOT a cheap [Nomina sunt Odiosa] box with minimal functions.
Then, you may experiment with heatsinks and add a ceramic cap in parallel with every electrolytic cap inside if you wish, replace a cheap [Nomina sunt Odiosa] power source with UPS and do what you want.
If your box is a supermegaextraprofessional router but it does NOT support OpenWRT then sometime you will experience some bug and will be unable to distinguish it from a hardware error since you have no alternative firmware. I personally had a yearlong dispute with ISP and D-Link before I got a terribly bad modem. It was old, buggy, it required a heatsink mod - but it had OpenWRT support. Then, all the bugs were successfully caught. I use it now.
The fundamental problem of the next Skype is that any attempt to produce a really anonymous network will need lots of nodes in delivery chain and will correspondingly produce too long delays, but texting-only app suffers at least since users cannot verify their correspondents by known voice. And you should not trust a network where the intermediary nodes are not under direct control of participants since they all may belong to FSB (KGB, NSA, aso).
I agree 100 per cent. And I must add that all these so called crypto or secure apps that don't hide the fact of connections are absolutely unsafe. If the FSB (KGB, Russian equivalent of NSA) can compile my contact list they can just torture the content out of them. There is a specific Russian term - "rectothermal cryptoanalyzer" (meaning the hot soldering iron to suspect's anus).
BTW: Hemlis is suspicious because the usernames must be preregistered. The really secure app should have no any central server for the registration info. The admins of such server can be too easily tortured to disclose or stop everything.
2 variants. 1) THEIR bastardized client feeds a/dev/urandom to downloaders and logs their addresses in process. 2) YOU use existence of such a client to show that you haven't sent a real file and are innocent as a result.
First variant is obviously detectable and easily punishable. Wikipedia states that the hashes are SHA-1 so it is VERY VERY DIFFICULT to feed a random data with correct hash. So every data error is the cause for total ban, and if needed the corresponding distributed banhammer will be produced.
Second variant is IMPOSSIBLE. You may make every client you like. But if you use it, it will immediately disrupt the system while giving nothing to you personally (you cannot download with this client - you will be banned). If you use it to show that you have no such file - it's enough just to have no such file. Result will be the same. And you cannot even make a legal precedent since if they don't have a real chunk from you they will never sue.
Of course, if the SHA-1 is crackable, it would be a fun to supply a noise to known *AA IP addresses. But still it will NOT set a precedent.
You may set the upload speed to 0 - the adversary will see that you have the file but will be unable to download, check and sue. But it will disrupt the basic idea that the peer should give more than take.
No. Other peer makes a crypto handshake with you, and you voluntarily agree to establish an encrypted link with him. After this, you have no "They illegally decrypted my communications" excuse. Then they use the standard Bittorrent protocol to request any part of the file, and you voluntarily agree to send it. They get it from your IP. You are caught.
What do you mean by "solid adversaries"? My comrade (I live in Russia) uses Ipredator.se. There is zero possibility that Ipredator will cooperate with Russian copyright agency or Russian anti-extremist agency (There is also consumer rights agency that censors against suicide etc but there are no criminal fees for such violations). And is zero possibility that YOUR solid adversaries such as NSA, CIA aso will cooperate with OUR adversaries as FSB, KGB, NKVD, GULAG aso for pressing Ipredator.
The method is simple: Find a link to torrent, check it for copyright violation and try to download registering IPs of peers in process.
The technological countermethod is simple too: I2P or VPN. I2P is a CLOSED network, and it means that you cannot download anything from ordinary Internet but VPN can be used traditionally. There are lots of other P2P networks but I just have no info about them.
The legal countermethod is simple too: Attempt of investigators to download a counterfeit file is a provocation of crime that should not happen without it. And there is no method to ensure that the peer really contains a file except this provocation.
Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.
But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your 1984-esque joke here]
unless you take careful pains to only and always use POP,
It's NOT a solution. The only working solution (vulnerable to sniffer only) is your own encrypted SMTP server on encrypted partition, with your last will to physically destroy the boot flash. The more radical means (I2P or possibly TOR) are incompatible with existing mail.
The simple solution is to fold email into current law so as to enjoy the same protections as snail mail.
Can you personally fold your email into current law?
Still bad. You are tying up precious resources such as processes, threads and memory.
If you really need to process some rare events and not tie resources you may write a tiny daemon that waits for them all and then forks/execs a server process. If you need to process some rare events fast you still should keep a server process in memory - it's your price of fast processing. And it may either wait for this event or poll it often enough.
Register for events, e.g by filling a jump table and register it with the OS
I cannot remember which manpage to read about it. Sorry, I don't name OS a thing that has no manpages.
Slashdot Mirror
Some time ago (circa 2006) I was a sysadmin in some quite big Russian medical organization. And the org was obliged to send an encrypted and signed mail to it's bank.
You possibly understand what kind of people the Soviet bookkeepers are, so it was necessary to "train them specially"(c). And in this process I have discovered that the key is not generated by client and then signed by authority. It is both generated and signed by authority.
I understand that the only purpose of it was a transport encryption and nobody ever will generate false letters. Nevertheless, it means that you should either review the key procedures yourself or considerably diminish your trust in them.
Daddy drinking vodka and beating the wife and kids has a better chance to vote politically correctly. You understand. The sober daddy loving his relatives makes too much damage with his ballot.
It's so. March 7, 2013 Gosduma (State Duma) has been named Gosdura (State Dumbass) by TVman Pozner in liveTV transmission. And this name came to our lexicon.
We already are committing ethnic suicide. Or, more precisely, we are being replaced with more controllable electorate.
She may not go and do a non-traditional sex, sex with a non-traditional partner or a sex in non-traditional position since her previous law proposal banned just it. At least her speech in Duma has been understood just so.
Sorry but men that protect their childen are systematically incarcerated here. Especially if the criminals are from Chechnya (remember Tsarnaev).
And you ass clowns want to take control of TLD's away from ICANN
I personally don't care. There are 2 kinds of Internet activity. First one uses some domain names given by authorities according to specific rules and revoked or banned by censors. The second one uses cryptographic hashes as addresses and cannot be banned.
And the faster the censors kill the DNS the sooner the uncensorable Internet will appear.
What is wrong with "Committee on Family, Women and Children"?
That this Committee is a mask of "United Russia", universally named here "Party of Crooks and Thieves" (See Wikipedia article "United Russia" http://en.wikipedia.org/wiki/United_Russia
- we just use bad words as ordinary speech (My russkie matom ne rugaemsya - my matom razgovarivaem).
And all this curse-banning circus has the only purpose that isn't exposed: To promote Internet filters that will be (and are) used for any purpose THEY like. No wonder that I2P NetDB contains more Russian nodes than any other country's.
They cannot be cool. If "cool" means low temperature, then almost every computer I ever was able to test was cooler under FreeBSD than under Windows. The only notable exception was HP notebook with 2 video cards that was impossible to deactivate under X.
If the servers make something useful, then they also cannot be cool since cool means idle.
If "cool" means outstanding, then I believe that the only Microsoft thing that doesn't suck is a vacuum cleaner.
Let us calculate. I have no idea about US homes but I pay for apartment in Siberia where live my, say, cousins. I pay about 200 Roubles a month (about US$ 6.25 - US$ is about 32 Roubles). Tariff is 0.72 Roubles per kWh (about US$ 0.0225 per kWh). It amounts to 0.37 kW of average power consumption.
In comparison, PS of my computer is rated to 0.75 kW, and TDP of it's processor is 0.125 kW.
... Microsoft rejects YOU!
Seriously, in 90-s in Russia FreeBSD was the system of choice of ISP. Not Linux, not Microsoft. And I have read that once upon a time in 90-s the FreeBSD FTP site took world's first place in total download. The second place was taken by Microsoft site.
Hardware difference was shocking: FreeBSD was a quite old single processor Pentium Pro. It was housed in 5 ATX boxes, 4 of them were filled with SCSI HDD. Microsoft site was a complex of more than 50 computers. So I believe that FreeBSD is more than 50 times more efficient than Microsoft OS, in condition that both OS are serviced by properly educated personnel.
Returning to this article, I believe that 980000 Microsoft servers just waste energy, space and personnel resources. It's enough energy for 225400 US homes.
And all this will cost you 3-4 times more and take 3-4 times more place than a specialized device. Also, it will have 3 times more glitches that you will never be able to catch: the simple ADSL modem has NO RAM and ROM for alternative firmware. Then, TL-WR702N has only 2 MB flash. It means that you also cannot use any alternative firmware (it needs at least 4). You will be unable to use any functions that you cannot migrate from TL-WR to Atom.
Any model of router that has enough RAM and ROM and architecture supported by OpenWRT. It does NOT mean that you will really use OpenWRT but it means that you have at least one alternative firmware and the router is NOT a cheap [Nomina sunt Odiosa] box with minimal functions.
Then, you may experiment with heatsinks and add a ceramic cap in parallel with every electrolytic cap inside if you wish, replace a cheap [Nomina sunt Odiosa] power source with UPS and do what you want.
If your box is a supermegaextraprofessional router but it does NOT support OpenWRT then sometime you will experience some bug and will be unable to distinguish it from a hardware error since you have no alternative firmware. I personally had a yearlong dispute with ISP and D-Link before I got a terribly bad modem. It was old, buggy, it required a heatsink mod - but it had OpenWRT support. Then, all the bugs were successfully caught. I use it now.
The fundamental problem of the next Skype is that any attempt to produce a really anonymous network will need lots of nodes in delivery chain and will correspondingly produce too long delays, but texting-only app suffers at least since users cannot verify their correspondents by known voice. And you should not trust a network where the intermediary nodes are not under direct control of participants since they all may belong to FSB (KGB, NSA, aso).
I agree 100 per cent. And I must add that all these so called crypto or secure apps that don't hide the fact of connections are absolutely unsafe. If the FSB (KGB, Russian equivalent of NSA) can compile my contact list they can just torture the content out of them. There is a specific Russian term - "rectothermal cryptoanalyzer" (meaning the hot soldering iron to suspect's anus).
BTW: Hemlis is suspicious because the usernames must be preregistered. The really secure app should have no any central server for the registration info. The admins of such server can be too easily tortured to disclose or stop everything.
2 variants. 1) THEIR bastardized client feeds a /dev/urandom to downloaders and logs their addresses in process. 2) YOU use existence of such a client to show that you haven't sent a real file and are innocent as a result.
First variant is obviously detectable and easily punishable. Wikipedia states that the hashes are SHA-1 so it is VERY VERY DIFFICULT to feed a random data with correct hash. So every data error is the cause for total ban, and if needed the corresponding distributed banhammer will be produced.
Second variant is IMPOSSIBLE. You may make every client you like. But if you use it, it will immediately disrupt the system while giving nothing to you personally (you cannot download with this client - you will be banned). If you use it to show that you have no such file - it's enough just to have no such file. Result will be the same. And you cannot even make a legal precedent since if they don't have a real chunk from you they will never sue.
Of course, if the SHA-1 is crackable, it would be a fun to supply a noise to known *AA IP addresses. But still it will NOT set a precedent.
You may set the upload speed to 0 - the adversary will see that you have the file but will be unable to download, check and sue. But it will disrupt the basic idea that the peer should give more than take.
No. Other peer makes a crypto handshake with you, and you voluntarily agree to establish an encrypted link with him. After this, you have no "They illegally decrypted my communications" excuse. Then they use the standard Bittorrent protocol to request any part of the file, and you voluntarily agree to send it. They get it from your IP. You are caught.
Due to modern snooping tech, it's quite unwise to believe that any amount of noise will hide anything.
What do you mean by "solid adversaries"? My comrade (I live in Russia) uses Ipredator.se. There is zero possibility that Ipredator will cooperate with Russian copyright agency or Russian anti-extremist agency (There is also consumer rights agency that censors against suicide etc but there are no criminal fees for such violations). And is zero possibility that YOUR solid adversaries such as NSA, CIA aso will cooperate with OUR adversaries as FSB, KGB, NKVD, GULAG aso for pressing Ipredator.
The method is simple: Find a link to torrent, check it for copyright violation and try to download registering IPs of peers in process.
The technological countermethod is simple too: I2P or VPN. I2P is a CLOSED network, and it means that you cannot download anything from ordinary Internet but VPN can be used traditionally. There are lots of other P2P networks but I just have no info about them.
The legal countermethod is simple too: Attempt of investigators to download a counterfeit file is a provocation of crime that should not happen without it. And there is no method to ensure that the peer really contains a file except this provocation.
In Soviet Russia, the soldering iron solders YOU!
Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.
But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your 1984-esque joke here]
unless you take careful pains to only and always use POP,
It's NOT a solution. The only working solution (vulnerable to sniffer only) is your own encrypted SMTP server on encrypted partition, with your last will to physically destroy the boot flash. The more radical means (I2P or possibly TOR) are incompatible with existing mail.
The simple solution is to fold email into current law so as to enjoy the same protections as snail mail.
Can you personally fold your email into current law?
Because it's a necessary step in starting malware from removable drives.
Still bad. You are tying up precious resources such as processes, threads and memory.
If you really need to process some rare events and not tie resources you may write a tiny daemon that waits for them all and then forks/execs a server process. If you need to process some rare events fast you still should keep a server process in memory - it's your price of fast processing. And it may either wait for this event or poll it often enough.
Register for events, e.g by filling a jump table and register it with the OS
I cannot remember which manpage to read about it. Sorry, I don't name OS a thing that has no manpages.