I grew up in the south, and I can tell you it is a breeding ground for hate, backward ideas, and a willingness to repress those who "are different".
I've lived all over the country and traveled all over the world and most places that contain people are full of hate and intolerance. The difference lies in how close that hatred is to the surface and whether you agree with the specifics of the intolerance. Right now, you're probably more comfortable because the locals hate the same things that you do ("Southerners", for one).
Are you implying that Google's own software hasn't also had security issues? Even if you write the backdoor code instead of leaving it to somebody else, it will invariably have issues. Even if written perfectly, because of the nature of backdoors.
Being a huge and influential company, Google has other avenues beside just compliance. If Google can thumb its nose at China, then a little market like the UK doesn't need to be unquestioningly obeyed. This problem needs a solution that doesn't involve weakening security in any way and providing an official (from Google) backdoor only prolongs the push to get rid of such legal requirements.
(This is the around the depth where Slashdot's nesting code starts really screwing up, so forgive me if I lose the thread here.)
I'd recommend checking out Windows phones, too. My wife's had one for about a year now and liked it, so I decided to try it out myself when my Nexus finally kicked the bucket. I'm pretty impressed so far. The dev tools are pretty decent, too (though now I have to run 7 in a VM, too). Cortana's creepy, though, and they tie too much other functionality into it.
I hadn't used anything of Microsoft's past XP, but I agree that they're really stepping up their game as of late.
Budweiser sucks because the goal of the company's management is to make it taste like that, but their brewmasters are actually very good brewers. (I have some friends who work at AB, so I've been able to try some of their small batches and little project brews.)
Expertise only counts for so much when the management hamstrings you and insists that you cut corners.
That's awesome, though I have to say that I would take that shit away from a Nazi officer if I captured him, gun or not. There's no way I'd let him prance around in my prison cell wearing that gaudy thing.
As I have pointed out here before I have accidentally brought banned items through security without any real effort in concealing them, they were left in coat pockets, and the TSA never once found them. Yet every time I bring my camera through I get to play 20 questions with the otherwise unemployable.
It's funny that you use that example because the last time I flew they pulled me aside to explain the extra camera battery that was literally right next to a pocket knife that they didn't notice. After being grilled (bumblingly questioned, really) for five minutes, they finally accepted my explanation for the battery, put it back next to the knife and let me go.
On the way back, they didn't seem to notice either the knife or the battery.
Hey, whatever helps you sleep at night, but claiming that the world is a better place because you did a bad thing is an act of rationalization. Because so many people do this, we live in a world where bad things are constantly done and the people who do them sleep well at night, cozy in their rationalizations. Each of these people have actually made the world a worse place.
There are dozens of suggestions in response to your first post, but the most common suggestion is the one that I think is the most obvious: don't participate in adding backdoors to encryption software.
The rationalization that somebody else will inevitably do some "bad thing" (and maybe do a poor job of it) doesn't make it ethical for you to do that "bad thing". You are responsible for your own actions and not the assumed actions of others.
There are very few paths from willingly participating in bad things to having those actions described as ethical. This is a very well covered philosophical concept.
Ethics is about choices between alternatives, it's not unethical to do a bad thing if all of the other alternatives are worse.
You've artificially narrowed the alternatives so that you can rationalize choosing an unethical one. Even choice #1, refusing to do the bad thing, was artificially constrained so that it could be dismissed out of hand.
Your mindset and capability for rationalizing unethical acts doesn't give me much faith in Google as a "highly ethical organization". Did they teach you these methods?
The weakest link is the part where you upload all of your data to a "zero knowledge" storage provider. "Zero knowledge" just means, "I promise not to look at your data (yet)."
A $50 SSD isn't going to hold more than a few games at a time, which means I'll be spending my time moving games between drives every time I want to play something different.
I'm not flush with free time and I play games to unwind. It's much less relaxing to have to implement workarounds for problems that should be handled by the games themselves. If I'm going to do that, I might as well just go the RAM disk route like I said in the original post.
Speeding around me in the slow lane when I'm already going ten over, but have a full two-second gap in front of me.
I agree with everything you said but this. If somebody can pass you on the right, then you're in the wrong damned lane. It doesn't matter how fast you're going. My drive to and from work is hellish, and it's almost entirely due to people hanging out in the left lane and forcing people to pass on the right or weave through traffic to get past them. At times, there a whole stack of cars in the left lane (often riding each other's ass) and the right lane is clear for literally miles. Keep right except to pass, OK?
If you can pull yourself out of your trembling puddle of irrational fear, target shooting can be a very chill activity. Consistently accurate shooting requires a great deal of self-awareness and self-control. I find it to be very relaxing and almost zen-like. Holding your concentration through the noise and recoil of the shot is also extremely good for mastering meditation.
Shooting other people for fun or profit is pretty fucked up, but there's nothing inherently un-chill about firearms. It sounds like the one who needs to chill is you.
I agree. My gaming PC from 2009 has 16 GB of RAM that sits empty while the games slowly load assets from the spinning disc at preset intervals/locations. (Loading...) The CPU sits idling while the (single threaded, 32bit) AI process makes sure not to use any of it to make better behaving enemies/NPCs.
The only thing that is even remotely improving is the graphics, but my two seven year old middle-grade GPUs still let me play everything all maxed out.
Everything seems to be made for consoles and refuses to even take advantage of the extra capabilities of better hardware. At the very least, with more free RAM than the entire game's assets, I should never have to see an inter-level loading screen again (SSDs help, but maybe I should set up a RAM disk).
You can't fix an ECM/TCM by yourself, so for repairs, dealers are still a must.
Dealers don't fix an ECM/TCM, either. They just swap them out like any other shop would. They used to have better computers for testing individual actuators and solenoids and stuff, but you can buy a nice bi-directional scanner for the cost of one repair at a dealership. Nearly every shop will have one, or can borrow/rent the proprietary one from the dealership itself.
Take your car to the dealership for warranty repairs or the included first year of oil changes. There's no reason to give them more money after that.
They had to. Concentrating this last little bit of wealth is going to be the hardest part so far and they need to be ready when it starts cutting into the bread-and-circuses fund. Expect much more of this in the near future.
Are you open carrying the 22/45? If you're just using it to announce that there are armed people present so don'y try anything stupid, then even a spray-painted blue gun would work for that.
If you are intending to stop an armed threat with the least amount of force necessary, then I'd really recommend against using a.22 LR. A.22 is perfectly capable of a lethal shot if placed well, but if you're not trying to kill with it you're likely to just escalate the situation. I was shot in the foot with a.22 as a teenager by my stupid friend and didn't even know it until I started to walk. I was startled by the crack and never even felt the shot. If guns are drawn and tensions are high, shooting someone with a.22 (with the intention of incapacitating but not killing) is likely to just make them start shooting. If you intend to be able to actually stop/incapacitate somebody, you're better off with a 9mm or something that will definitely get their attention. Even a.22 WMR or.380 will get somebody's attention, while still allowing the gun to be small and light.
Those consumed by hubris will continually reinvent what already exists, poorly.
"Scrambling" an SNTP client's clock doesn't require this exploit because SNTP doesn't retain any state (and all the complexities that come from that). The systemd time sync client is especially naive, even for SNTP.
Many ISPs, Comcast included, will provide a smarthost of their own that you can use (the creatively named smtp.comcast.net at Comcast). It's not free in that you're paying for the internet connection anyway, but they'll happily let you relay your outbound mail through them.
Who in their right mind runs an email server without a static IP?
I do, and it works out fine. It's a business account, so they don't block any ports, the subnet isn't on any blacklists, and the IP address rarely actually changes (~once a year, tops). I just sync the DNS to the new address when it changes and pay for a backup MX service ($2/mo, good for extended power outages or server reboots, too). With proper TLS certs, SPF records, and DKIM set up, I've never had any problems sending or receiving mail.
Mismatching rDNS records shouldn't result in a bounced message by itself. I never bounce a message on that alone and I've got spam well under control on my domain. It's not really even that reliable of an indicator of spam.
In the most dire situation, you can always relay your outgoing mail through your ISP's mail server. That adds a ton of legitimacy to your outbound mail as they typically have all of their ducks in a row, configuration-wise.
It seems like I'm dismissing your point instead of discussing it because you're arguing against a stance that I'm not even taking.
My stance is that trusting Google or any single party to store your private data and secure it against even their own access is silly, especially if you have no way to verify this. The fact that they offer you an auto-updating binary means that you cannot verify this, even if you wanted to.
A more secure, but still insecure (see below), approach would be to encrypt your data with software from one party and store it with another. Gaining access to that particular data would cooperation between two parties, which is less likely. The need for a conspiracy against you reduces the risk associated with the second scenario. It doesn't necessarily reduce the risk by much, but a risk reduction is the entirety of my point. Security is made up of an collection of such risk reductions (some larger than others).
If you're saying that your data can be easily acquired through other means, then I agree. Though that depends on the data, of course. Your browsing history is out of your control, but passwords and bookmarks (and their organization or any attached notes) are valuable and not common knowledge to everybody else. The contents of encrypted emails to friends or notes to myself are not so easily deduced from my browsing habits. Just because your traffic patterns can be analyzed doesn't mean that you should willingly hand over everything else.
Maybe some disclaimers would help clear up what I am not advocating: I don't (deliberately) use Google or any "cloud" provider to keep my data online. I don't use social media. I don't use online password managers. I host all of my data myself and consider it insecurable once it has left my control, even if it is "encrypted" (the most exploited aspect of encryption is imperfect implementation; even encrypted data should be protected).
I have to admit that it doesn't seem like you're arguing against anything that I'm actually saying at this point. Since I'm getting bored of this "debate", you can go ahead and beat these bizarre little strawmen apart while I go talk with someone a little more interesting.
As a very longtime Linux user, my introduction to the BSD world was through Mac OS X. Since then, I've gained a great appreciation for it. More of my new servers end up being FreeBSD and OpenBSD lately.
If you're familiar with Linux (or Mac OS X), I definitely recommend checking it out. It's a very accessible and very rewarding environment.
Slashdot Mirror
I grew up in the south, and I can tell you it is a breeding ground for hate, backward ideas, and a willingness to repress those who "are different".
I've lived all over the country and traveled all over the world and most places that contain people are full of hate and intolerance. The difference lies in how close that hatred is to the surface and whether you agree with the specifics of the intolerance. Right now, you're probably more comfortable because the locals hate the same things that you do ("Southerners", for one).
Are you implying that Google's own software hasn't also had security issues? Even if you write the backdoor code instead of leaving it to somebody else, it will invariably have issues. Even if written perfectly, because of the nature of backdoors.
Being a huge and influential company, Google has other avenues beside just compliance. If Google can thumb its nose at China, then a little market like the UK doesn't need to be unquestioningly obeyed. This problem needs a solution that doesn't involve weakening security in any way and providing an official (from Google) backdoor only prolongs the push to get rid of such legal requirements.
(This is the around the depth where Slashdot's nesting code starts really screwing up, so forgive me if I lose the thread here.)
I'd recommend checking out Windows phones, too. My wife's had one for about a year now and liked it, so I decided to try it out myself when my Nexus finally kicked the bucket. I'm pretty impressed so far. The dev tools are pretty decent, too (though now I have to run 7 in a VM, too). Cortana's creepy, though, and they tie too much other functionality into it.
I hadn't used anything of Microsoft's past XP, but I agree that they're really stepping up their game as of late.
Budweiser sucks because the goal of the company's management is to make it taste like that, but their brewmasters are actually very good brewers. (I have some friends who work at AB, so I've been able to try some of their small batches and little project brews.)
Expertise only counts for so much when the management hamstrings you and insists that you cut corners.
That's awesome, though I have to say that I would take that shit away from a Nazi officer if I captured him, gun or not. There's no way I'd let him prance around in my prison cell wearing that gaudy thing.
As I have pointed out here before I have accidentally brought banned items through security without any real effort in concealing them, they were left in coat pockets, and the TSA never once found them. Yet every time I bring my camera through I get to play 20 questions with the otherwise unemployable.
It's funny that you use that example because the last time I flew they pulled me aside to explain the extra camera battery that was literally right next to a pocket knife that they didn't notice. After being grilled (bumblingly questioned, really) for five minutes, they finally accepted my explanation for the battery, put it back next to the knife and let me go.
On the way back, they didn't seem to notice either the knife or the battery.
Hey, whatever helps you sleep at night, but claiming that the world is a better place because you did a bad thing is an act of rationalization. Because so many people do this, we live in a world where bad things are constantly done and the people who do them sleep well at night, cozy in their rationalizations. Each of these people have actually made the world a worse place.
An AC demanding proof of authenticity... that's rich.
There are dozens of suggestions in response to your first post, but the most common suggestion is the one that I think is the most obvious: don't participate in adding backdoors to encryption software.
The rationalization that somebody else will inevitably do some "bad thing" (and maybe do a poor job of it) doesn't make it ethical for you to do that "bad thing". You are responsible for your own actions and not the assumed actions of others.
There are very few paths from willingly participating in bad things to having those actions described as ethical. This is a very well covered philosophical concept.
Ethics is about choices between alternatives, it's not unethical to do a bad thing if all of the other alternatives are worse.
You've artificially narrowed the alternatives so that you can rationalize choosing an unethical one. Even choice #1, refusing to do the bad thing, was artificially constrained so that it could be dismissed out of hand.
Your mindset and capability for rationalizing unethical acts doesn't give me much faith in Google as a "highly ethical organization". Did they teach you these methods?
The weakest link is the part where you upload all of your data to a "zero knowledge" storage provider. "Zero knowledge" just means, "I promise not to look at your data (yet)."
A $50 SSD isn't going to hold more than a few games at a time, which means I'll be spending my time moving games between drives every time I want to play something different.
I'm not flush with free time and I play games to unwind. It's much less relaxing to have to implement workarounds for problems that should be handled by the games themselves. If I'm going to do that, I might as well just go the RAM disk route like I said in the original post.
Speeding around me in the slow lane when I'm already going ten over, but have a full two-second gap in front of me.
I agree with everything you said but this. If somebody can pass you on the right, then you're in the wrong damned lane. It doesn't matter how fast you're going. My drive to and from work is hellish, and it's almost entirely due to people hanging out in the left lane and forcing people to pass on the right or weave through traffic to get past them. At times, there a whole stack of cars in the left lane (often riding each other's ass) and the right lane is clear for literally miles. Keep right except to pass, OK?
If you can pull yourself out of your trembling puddle of irrational fear, target shooting can be a very chill activity. Consistently accurate shooting requires a great deal of self-awareness and self-control. I find it to be very relaxing and almost zen-like. Holding your concentration through the noise and recoil of the shot is also extremely good for mastering meditation.
Shooting other people for fun or profit is pretty fucked up, but there's nothing inherently un-chill about firearms. It sounds like the one who needs to chill is you.
I agree. My gaming PC from 2009 has 16 GB of RAM that sits empty while the games slowly load assets from the spinning disc at preset intervals/locations. (Loading...) The CPU sits idling while the (single threaded, 32bit) AI process makes sure not to use any of it to make better behaving enemies/NPCs.
The only thing that is even remotely improving is the graphics, but my two seven year old middle-grade GPUs still let me play everything all maxed out.
Everything seems to be made for consoles and refuses to even take advantage of the extra capabilities of better hardware. At the very least, with more free RAM than the entire game's assets, I should never have to see an inter-level loading screen again (SSDs help, but maybe I should set up a RAM disk).
You can't fix an ECM/TCM by yourself, so for repairs, dealers are still a must.
Dealers don't fix an ECM/TCM, either. They just swap them out like any other shop would. They used to have better computers for testing individual actuators and solenoids and stuff, but you can buy a nice bi-directional scanner for the cost of one repair at a dealership. Nearly every shop will have one, or can borrow/rent the proprietary one from the dealership itself.
Take your car to the dealership for warranty repairs or the included first year of oil changes. There's no reason to give them more money after that.
They had to. Concentrating this last little bit of wealth is going to be the hardest part so far and they need to be ready when it starts cutting into the bread-and-circuses fund. Expect much more of this in the near future.
Are you open carrying the 22/45? If you're just using it to announce that there are armed people present so don'y try anything stupid, then even a spray-painted blue gun would work for that.
If you are intending to stop an armed threat with the least amount of force necessary, then I'd really recommend against using a .22 LR. A .22 is perfectly capable of a lethal shot if placed well, but if you're not trying to kill with it you're likely to just escalate the situation. I was shot in the foot with a .22 as a teenager by my stupid friend and didn't even know it until I started to walk. I was startled by the crack and never even felt the shot. If guns are drawn and tensions are high, shooting someone with a .22 (with the intention of incapacitating but not killing) is likely to just make them start shooting. If you intend to be able to actually stop/incapacitate somebody, you're better off with a 9mm or something that will definitely get their attention. Even a .22 WMR or .380 will get somebody's attention, while still allowing the gun to be small and light.
Those consumed by hubris will continually reinvent what already exists, poorly.
"Scrambling" an SNTP client's clock doesn't require this exploit because SNTP doesn't retain any state (and all the complexities that come from that). The systemd time sync client is especially naive, even for SNTP.
The United States: it's safer here.
Many ISPs, Comcast included, will provide a smarthost of their own that you can use (the creatively named smtp.comcast.net at Comcast). It's not free in that you're paying for the internet connection anyway, but they'll happily let you relay your outbound mail through them.
Who in their right mind runs an email server without a static IP?
I do, and it works out fine. It's a business account, so they don't block any ports, the subnet isn't on any blacklists, and the IP address rarely actually changes (~once a year, tops). I just sync the DNS to the new address when it changes and pay for a backup MX service ($2/mo, good for extended power outages or server reboots, too). With proper TLS certs, SPF records, and DKIM set up, I've never had any problems sending or receiving mail.
Mismatching rDNS records shouldn't result in a bounced message by itself. I never bounce a message on that alone and I've got spam well under control on my domain. It's not really even that reliable of an indicator of spam.
In the most dire situation, you can always relay your outgoing mail through your ISP's mail server. That adds a ton of legitimacy to your outbound mail as they typically have all of their ducks in a row, configuration-wise.
It seems like I'm dismissing your point instead of discussing it because you're arguing against a stance that I'm not even taking.
My stance is that trusting Google or any single party to store your private data and secure it against even their own access is silly, especially if you have no way to verify this. The fact that they offer you an auto-updating binary means that you cannot verify this, even if you wanted to.
A more secure, but still insecure (see below), approach would be to encrypt your data with software from one party and store it with another. Gaining access to that particular data would cooperation between two parties, which is less likely. The need for a conspiracy against you reduces the risk associated with the second scenario. It doesn't necessarily reduce the risk by much, but a risk reduction is the entirety of my point. Security is made up of an collection of such risk reductions (some larger than others).
If you're saying that your data can be easily acquired through other means, then I agree. Though that depends on the data, of course. Your browsing history is out of your control, but passwords and bookmarks (and their organization or any attached notes) are valuable and not common knowledge to everybody else. The contents of encrypted emails to friends or notes to myself are not so easily deduced from my browsing habits. Just because your traffic patterns can be analyzed doesn't mean that you should willingly hand over everything else.
Maybe some disclaimers would help clear up what I am not advocating: I don't (deliberately) use Google or any "cloud" provider to keep my data online. I don't use social media. I don't use online password managers. I host all of my data myself and consider it insecurable once it has left my control, even if it is "encrypted" (the most exploited aspect of encryption is imperfect implementation; even encrypted data should be protected).
I have to admit that it doesn't seem like you're arguing against anything that I'm actually saying at this point. Since I'm getting bored of this "debate", you can go ahead and beat these bizarre little strawmen apart while I go talk with someone a little more interesting.
As a very longtime Linux user, my introduction to the BSD world was through Mac OS X. Since then, I've gained a great appreciation for it. More of my new servers end up being FreeBSD and OpenBSD lately.
If you're familiar with Linux (or Mac OS X), I definitely recommend checking it out. It's a very accessible and very rewarding environment.