What if he doesn't trust the implementation of the encryption in the password manager? That's hardly the same thing as not trusting any encryption.
There's a pretty big leap from not wanting to expose your password database to unnecessary risk by handing it directly to your adversaries to not using any websites at all.
Do you guys really think about things this simplistically?
There's a copy of it at the New York Public Library and one of his relatives has a site with a scan of the book (I can't believe they let me photocopy the whole book!) and pictures of the plates.
Unfortunately, it's mostly not that interesting of a read.
Hmm, sanity is apparently orthogonal to proofreading ability.
Length and coherency don't preclude madness. One of my father's patients claimed to visit another world frequently and wrote a very long book detailing the world and its inhabitants. I have a huge map he drew of the place with detail so fine you need a magnifying glass to read it all and plates of the (not surprisingly) bizarre animals that lived there. The whole thing is incredibly detailed and quite internally consistent. Schizophrenia is not orthogonal to intelligence.
There's also work like Henry Darger's, which is extremely lengthy and follows a coherent theme.
(probably many are for non-violent crimes, though it would have to be a fairly major property crime or spree of such for the cops to go through the trouble of doing the paperwork)
...or involve drugs. After forfeiture and other asset seizure, any investigation involving drugs more than pays for itself.
Pedantic nerdy self-correction: It's not really "cloud" companies per se that do this, but "internet of things" companies and the intersection of the two categories.
While many people are interested in a device that interacts with the world around them, I doubt that many people want every interaction to be funneled through, and dependent on, Google (or any other data siphon). The MO of "cloud" companies seems to be all about unnecessarily inserting themselves into every activity as a creepy middleman.
Fuck waiting until next week. I'm starting today.
All of the comments are just talking about Beta, which is completely understandable but completely uninteresting. [Note to the mods: this is how it should be. Trying to bury the Beta discussion won't fix things.] I'll check back in after the boycott and see if there's anything left standing.
If there isn't, I want to thank all of you for many years of good conversation and interesting discussions. This was a great thing to be a part of for a time.
I'm going to have to add a firewall rule to keep habit and muscle memory from bringing me back here until then. Productivity, here I come!
It's like they realize that it's some sort of punishment, too. First, they inflicted it on the ACs, now they're redirecting logged-in users. I paid them cold hard cash (which I'm regretting now) and as a subscriber they haven't started redirecting me, yet. When they do, I'm out.
I wouldn't really include satellite encryption as a "DRM works" example. Their story is one of extremely high expense and ultimately they needed new laws passed and aggressively enforced to make their DRM work. Their technical DRM is less effective than their use of law enforcement resources and subsequent prohibition of enabling technologies.
That's like saying CSS works because the MPAA will sue you for torrenting movies.
I didn't single out Google: I specifically said "or any third party". I'll stop using the name Google and use "cloud" from now on if that'll ease your need to apologize for them.
Anyway, the solution to realizing that you've given someone else the keys to your kingdom and free access to all business negotiations and trade secrets isn't to "stop worrying about it", which is exactly my point.
Relying on a "cloud" company for all of your IT services is negligent and short-sighted. Having another company supply infrastructure or manage individual services isn't as bad.
Read the beginning of this very thread:
Google+, despite what a lot of people think, is very popular for companies to utilize for work projects. Hangouts is a great way to create conference calls, and since it's tied into your other Google services like Drive, you can pretty much use it as a company intranet.
Letting Google, or any third party, be privy to all of your company's internal affairs is quite a precarious position to voluntarily put yourself in. This is the context in which this thread started.
That depends. I'm at a university and, no matter what I put for the address, the package always goes through the receiving department. Some companies are like that, too. This is especially true at places with restricted access to the buildings, in which case delivery trucks are only allowed to go to the receiving docks.
What's the physical mechanism for that? Magnetic media stores information as the reorientation of magnetic domains on the disc. There's no physical reason why magnetic orientation sitting for longer would be more persistent than that which is changed quickly. The field created by the write coil is roughly the same during the first write as the 50th write and the polarizability of the domains doesn't change much with time. There's nothing special about the first write.
If anything, data that sits on the disk for a long time is more easily overwritten because of bitrot (cosmic rays, thermal homogenization of the domains, etc). As the drive sits, the individual magnetic domains are less likely to be a uniform chunk of similar magnetic orientation.
Where did you get that? Both nitrocellulose (smokeless powder) and the primers used in modern firearms are "nitrate-based". Black powder uses potassium nitrate as an oxidizer.
Furthermore, phosphate is a poor oxidizer and wouldn't be used as such in any firearms. How does this drivel get modded up?
Interestingly, it does suggest a strategy to deter litigation if you are ever caught up in one of these cases or to crumble the plaintiff's whole scheme if the defendants could all coordinate.
The bad aspects of cultures should be changed, but it's touchy because it often gets incorrectly equated to race.
I think that culture is deliberately equated to race by some to dismiss, without consideration, the idea that the disadvantages some people carry because of their culture are 1) repairable, by fixing the bad aspects of the culture, and 2) the fault of the members of the culture, by teaching these bad thought patterns and behaviors to their members.
It's far more appealing to these people to think that certain people are inferior/superior because of their race (the racist crowd) or that it's somehow everybody else's fault for the failure of certain cultures to prosper (the PC crowd). Equating culture to race allows us to not address the shortcomings in our different cultures and to shout down any attempt to even identify the shortcomings as racist.
Cultures may have strong correlation to race because distinct cultures were often developed by racially isolated groups of people. But cultures, and the individual behaviors and ideas contained within them, are portable to every group of people. We should be dissecting cultures to adopt the good aspects and shed the bad ones.
You can't transmit with an RTL-SDR; it's just a software defined receiver. You can, however, just buy an NRF24L01+ IC and build your own transceiver like you always could.
The novelty here is decoding the transmissions using an RTL-SDR, not in decoding the transmissions in general.
Because he seems to be confusing "We're powerful enough to avoid facing the consequences of our actions" with "Because we're so powerful, our actions lack any undesirable consequences".
In the short term, and from his perspective, there is no difference between the two claims. Over the long term, though, this position is unsustainable and will lead to the fall of his "empire". Pretending that you change reality by sheer force of will and political power doesn't actually change reality.
Either he isn't concerned with the long-term consequences of his actions (maybe because he'll be dead by the time that they start to come due), in which case he's a self-centered asshole, or he genuinely thinks that politics determine reality, in which case he's a lunatic.
What's unreasonable about those claims is that they are the same power-drunk ravings that have brought down every empire that has ever existed.
Cool. Thanks for the 'evil maid' term. It's difficult to research a subject if you don't know the accepted jargon.
It seems like the extracting->processing->writing could be automated fairly easily to make the process need only a single access to install. It's a shame that Trusted Computing was so tied up with efforts to make it untrusted, as it presents a great solution to this problem.
I suppose you could also keep your bootloader on a read-only USB key (that never leaves your person) and only ever boot from that. This would make changing passwords an arduous task, though (unless you kept the password encrypted key in the volume header).
Is there anything to prevent someone from tampering with the (necessarily unencrypted) bootloader (or whatever the program that accepts your password and decrypts the volume is called)? Why not replace that piece with one that logs the password or otherwise weakens the encryption? Access to the computer for 60 seconds would be sufficient to install something like this.
This is of course relevant to any full disk encryption that doesn't have access to a TPM (and even then, can you trust the TPM?), like FileVault or BitLocker.
Relax, please. I'm not criticizing your precious Google.
My post was only intended to "rightfully mention that the lookup protocol has privacy issues", which are not entirely explored in the docs. The Lookup API is certainly related to Chrome, because it will almost certainly be added to Chrome when they're happy with it (why else would they be developing it?).
Anyway, intentionally or not, you're the one who brought the Lookup API into this conversation.
Here's a decent primer for you.
The basic idea is to spread the signal from a single peak that contains all of the transmitted energy to a very broad series of peaks that each contain a fraction of the transmitted energy. On the receiving end, you recombine the peaks to get enough signal to interpret.
The presence of noise may mask the signal, but it doesn't actually make it stop existing. Transmissions below the noise floor are absolutely possible (I work with them every day). In fact, you do too, since CDMA is a spread spectrum based technology (what do you think "code division" refers to?).
[And to not mislead anyone, there are techniques to detect spread spectrum signals if you don't know the spreading code, but they are not particularly robust and can be designed around.]
You can do that but you can't mask signal strength.
You can easily hide the signal strength using spread spectrum or ultra-wideband transmissions. There need be no peaks above the noise floor, so unless you know the spreading code, you will see nothing at all on your analyzers.
Sound security isn't based on trusting a name. Show us the source if you expect to be trusted. I don't understand how Zimmerman still doesn't get that.