Security is a process, with a large continuum of relative success. The entire process depends on locating risks and minimizing their impact.
Your entire statement is a textbook example of letting "perfect" be the enemy of "good enough". The answer to perfect security is to not play at all, but that doesn't mean that choosing to play means that you have zero security. There is a large region between perfectly secure and completely insecure and pretending that the situation is black and white doesn't actually help anybody.
Versus auditing the source-code yourself and compiling it every time? Honestly, that's a bit much.
It is a bit much, which is why your best approach is to avoid situations where you need to put all of your trust in a single other party. Trusting the biggest dataminer on the planet to handle your data in such a way that they are not able to datamine it, with their word as the only reassurance, is a silly proposition. If you use an encryption solution from one party and a storage solution from another party, you've diluted the damage that a single malicious actor can do.
If he's paranoid of Internet firms having his data for 'privacy' reasons, he shouldn't be online. Anything less is a false sense of security; don't even bother trying to sell it otherwise.
There are degrees of "paranoid", from entirely forgoing encryption and live-posting your life to living in a shack in the woods without electricity. Trying to sell the idea that you can't have perfect privacy, so you should just give up and learn to love Big Brother is far more damaging than mitigating the chances of privacy loss where you can. Trusting Google to protect your privacy, especially from themselves, falls toward the first part of that spectrum.
I'm game. My dissertation concerned modeling light propagation at the surface of fatty tissues, which seems pretty relevant here.
I've also refused to discover who these people are on principle, but this seems like a good reason to make an exception.
You basically can't trust anybody, but my point is simpler than that: trusting a single party to store your private data and handle the encryption of that private data with a binary that they provide to you is incredibly naive. If that party wants your data, it's incredibly easy for them to get it. Even without being paranoid, that's a piss-poor approach to securing your privacy.
That's a lot of trust that you're putting in Google.
If they want your data, they can capture your password when you enter it into the software that they provided to you (Chrome). Not visible to you =/= not possible. For all you know, telling you that you can't manage your passwords because it's protected by a private passphrase could just be a show. I don't think it is, but don't be naive and think that it isn't possible. They could decrypt your data and start mining it tomorrow and you'd never know it.
Well, DNA is hereditary, so if there's one in a city, there will likely be many more there too. Our genetic makeup isn't randomly distributed across the population.
They don't get it right all the time, and certainly, in general they have a slight leftward lean, but they do a far far far better job than any channel beholden to people who can choose whether to pay or not.
From my perspective, they don't have a leftward lean as much as they have an authoritarian, pro-government lean. That may have something to do with them being "beholden to people who can choose whether to pay or not."
Superficially, the left appears more authoritarian, but that's only because the right prefers to distribute the authority (and thus diffuse the accountability) through the private sector.
Do you have an example of something that takes an exact integer number of Planck units to occur? Do you know of something that takes ten or one hundred Planck units to occur? Why are you so fixated on this unit having such special properties?
Acting as if the failure of others to attempt to disprove your wacky theory gives it some weight, while providing no rationale for it yourself, only makes you come off as a crackpot.
The lack of an example doesn't give your theory any physical significance. A few hundred years ago, people could provide no examples of events that were quicker than a few hundred milliseconds and them suggesting that their observed value was the "frame-rate of the universe" would have been just as silly.
Can you give some justification for why you think that a unit that was defined arbitrarily, to allow us to simplify calculations, is in fact the smallest unit of time possible? Additionally, why do you think that time is quantized at all?
Sniffing the SMS message from the air is obscure enough to expect it to not happen often, but yanking the SIM card from the smartphone will enable you to receive SMS messages without having to bypass the phone's lockscreen. Almost nobody enables the PIN lock on their SIM cards.
You don't need the phone to receive text messages... just the SIM.
Did you even read the link? Your chosen definition is entirely based on the unsourced assertion that, "Accurately defined, a democracy is a form of government in which the people decide policy matters directly..." The oldest English dictionary that I can find defines democracy as a literal translation, "rule of the people". From where did his "accurate" definition come from?
Even the distinctly oligarchic Sparta was considered democratic by contemporaries (by the more direct democracy in Athens), and they invented the word.
This again?
democracy
1. Government by the people, exercised either directly or through elected representatives.
2. A political or social unit that has such a government.
3. The common people, considered as the primary source of political power.
4. Majority rule.
5. The principles of social equality and respect for the individual within a community.
Without you giving LastPass your master password and access to your two-factor authentication (you are using two-factor, right?), they couldn't tell you even one of your passwords if their lives depended on it.
So they claim, but since you're using black-box software provided by them to access your passwords that's a pretty specious claim. If the current binary that they provided to you doesn't harvest your access keys, the next one very well could (and most certainly would if their lives depended on it).
Marketing claims may provide some hint at utility, but they shouldn't be conflated with an actual measure of security.
Some hosting and online backup providers also offer solutions where every file is encrypted on the client side, and the hosting provider never gains access to the plaintext files.... this is what you need.
Be careful with this, though. If you need to put trust in other people, then you should limit the amount of damage that any single untrustworthy actor can do.
Using a solution where a single company provides the hosting and the encryption software (especially if it's provided as a precompiled binary and/or autoupdates at the provider's desire) should command no more trust than a company that hosts your files and claims to encrypt them server-side. If they want access to your files or are acting on behalf of somebody who does, then they will get access and you will not necessarily even know.
You're better off using separate providers for the hosting and the encryption software. Or just hosting it yourself.
HFCS stands for High Fructose Corn Syrup, as even the most cursory search will reveal. Talk about failing reading comprehension. Wow.
"Sugar", while being a generic term for any sweet carbohydrate (like "salt" refers to any ionic compound, but usually means NaCl), generally refers to "table sugar" or sucrose (which HFCS doesn't contain). The disaccharide sucrose is biochemically different from the monosaccharides that it is made from. Claiming otherwise is almost as ignorant as claiming that table salt is dangerous because it is made of explosive sodium and corrosive chlorine.
There's some very important meaning in 'don't be evil' that I always liked.
I've always thought that the need to specifically remind yourself to not be evil was a little damning in itself. It seemed a bit like the guy wandering the subway muttering to himself, "don't murder anybody." It's not exactly reassuring.
The fact that it has been in public beta for 3 months and now all of a sudden they realize there might be an issue is just negligence on their part.
Yeah, I'm not a big fan of for-pay app developers (on any platform) who find out that their programs don't work on a new OS version at the same time as their customers. Nearly every platform offers API documentation and betas of their new OS versions well in advance of the actual release.
Yeah it could be used for first person shooters (for example) but then the game has to somehow reconcile a person running, spinning, jumping, aiming, shooting, standing, crouching and throwing stuff to someone in real life sat on a couch. It's likely that it will be extremely disorientating and puke inducing.
I agree that it may be better suited for cockpit-style games, but why would the FPS mechanics necessarily make anybody sick? When playing an FPS on a flat screen, you're still "running, spinning, jumping, aiming, shooting, standing, crouching and throwing stuff" in game, while really just sitting on a couch. Even worse, turning your head in real life has no effect on the game viewport, which is instead turned with buttons while your head remains stationary. If that doesn't make people sick, I don't see why improving the player-avatar feedback would make it worse.
Yikes! So you'd have to hand your unlocked phone to the officer, who would then presumably bring it back to his cruiser like he would ordinarily bring your license and insurance?
There's no way for that to go wrong!
A dedicated hardware firewall gets a little awkward when you're traveling with a phone or laptop. Sometimes, you just have to settle for a software firewall on your device.
Writing an interactive egress firewall for Linux shouldn't be hard and I may get around to doing that someday. But on Linux the OS and most apps are pretty well behaved, so there's not an urgent need to keep an eye on their every connection attempt.
Android is another story, with both the OS and the apps constantly phoning home and making connection attempts. I have no idea how to even begin to shoehorn an egress firewall into Android, so the best that I can do now is block per-app with AFWall+.
As mentioned, Little Snitch works well on a Mac. The last time I used iOS, I used Firewall iP. It required a jailbroken phone and I don't know if it's still maintained.
I've never found an interactive egress firewall for Linux or Android, which always surprised me.
You're completely correct, but testing with Little Snitch shows that Apple is fairly well behaved in this regard. At least for now.
That's the common wisdom, but in reality air resistance plays a much smaller role in fuel consumption than transmission gearing. Modern cars can get much better fuel economy at higher speeds if they are geared for it. Even my 15 year old cars get better fuel economy at 130 km/h than 100 km/h.
Unless he altered the electronics, simply taking something apart shows more knowledge of using a screwdriver than anything else.
But taking things apart is the usual first step. It may have been uneventful for him this time, but next time he may break off a wire or let the smoke out of something and need to repair it. Just like your carburetor example, you start some serious learning when things start going wrong.
When I was a little kid, I was lauded as some sort of electronics whiz for fixing broken appliances, too. Your average adult is not even comfortable with a screwdriver and has no idea what the inside of an alarm clock might even look like.