Instead of cracking each encoded message they intercept, it would be much easier for the NSA to simply obtain the decryption codes directly from the central authorities like Symantec/VeriSign. This would greatly simplify the problem and would allow the NSA to instantly decode much of the encrypted communication it intercepts
Symantec and VeriSign don't create the encryption keys. You do. The private key remains private. Their job is to simply add a trusted digital signature to the public key that you've produced.
That's true, but with access to the certificate authorities and the whole trust structure, they can generate a valid certificate for your server and effectively be a man-in-the-middle. Unless you inspect the key fingerprints every time you connect, their phony certificate will not raise any alarms at all.
With the CA system we use, you put all of the trust for your security into the hands of a nebulous group of companies distributed around the globe. If any single one of them isn't trustworthy, the entire system fails. It's a pretty horrible system, to be honest.
It may be useful as a means to get a lesser sentence when you know you're going to be found guilty, but it's still deeply wrong.
If the prosecutor is willing to let you leave with a lessor sentence, then why are the original charges with their original sentences even on the table from the beginning? A plea bargain is an admission by the prosecutor that you shouldn't be convicted of the crime for which you are accused. To make him happy, you plead guilty to a crime that neither you not him think you did. In all of that, where exactly did justice occur?
So because there are bad cops, we should throw out bad cops. Plea bargaining is an abortion of justice and should be thrown out. Getting rid of plea bargaining in general only increases justice served, just like getting rid of bad cops increases effective policing.
Applause is one thing, but handshaking and especially eye contact have a point. That you don't see the point doesn't mean it doesn't exist and you handicap yourself by ignoring it.
If you're avoiding eye contact to make an inscrutable social commentary, then I applaud you. If you're doing it because you don't see the point and assume that it therefore has no point, then you are mistaken. If you live in a society, it will only do you benefit to at least learn to fake the social cues that it runs on.
My initial thought was that Google is trying to regain some trust from the public. So many people I talk to lately (even prior to the NSA thing) are increasingly creeped out by Google.
My second thought was that maybe there's a revenue stream in here that I'm missing. Ads for tin foil, maybe?
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
It says nothing about being silent or waiving your rights by testifying. If you answer questions that aren't "being a witness against oneself", where does this say that the fifth no longer applies?
I don't mean to set up strawpeople. I was only pointing out that there are biological roles that are being assigned to women and kept from men.
Maybe I have a misunderstanding of what constitutes "mainstream", also. My wife is a feminist in the sense that I wholly agree with: equality between sexes. The feminist views you seem to hear the most from, though, are from the vocal misandrist population. My university also has a huge push toward "inclusivity", which sounds wonderful, but in practice it seems to be focused opposition to anything that is male or white (or especially both).
There seems to be too much hatred in the sort of feminism I'm exposed to, and I think it does much damage to the cause. Frustration I understand, but anger and hatred don't win hearts and minds. Equality is not a fight you win by cutting down the opposition.
What about paternity leave? Biologically, women can return to work quite soon after giving birth. With the availability of breast pumps and such, men are just as capable of rearing a young baby as women. But feminists rail against paternity leave as men once again asserting privilege and encroaching into the rightful realm of women.
The old feminism of equality was something I could enthusiastically get behind. The new feminism is just misandry, though, which especially sucks because there is still progress to be made toward equality. Bringing hate into the game is only going to hurt the cause of equality.
In what scenario could you actually see that happening? This is the throw out the baby with the bathwater thinking that drives terrorism-related laws. We can think about the outcomes of improbable events, but they shouldn't be the main factor when designing systems.
That means it makes no sense for copyright to extend beyond death.
That's a pretty solid ground from which argue for scaling back copyright. I was always hung up on the "limited Times" part, but this is far more compelling.
Well, that's also assuming that the water just goes away when a human drinks it, which it doesn't. The water cycle is pretty fast and most of that water will end up back in the ocean long before the average human lifespan.
Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.
That's absolutely false. If Google Apps are installed on the phone (any stock Android, not AOSP or Cyanogenmod (though you can install gapps)), then background programs will make constant connections to Google. GTALK_ASYNC_CONN_com.android.gsf.gtalkservice.AndroidEndpoint will wake the phone periodically to phone home (despite the name, it's not normal GTalk service, as it persists even if Talk is logged out or completely disabled). If you have "Wi-Fi & mobile network location enabled", a service will periodically wake your phone and send Google the surrounding wifi access points, the surrounding cell towers, and sometimes will turn on GPS and send your location.
These are stock Android OS components that phone home. Maybe you use different definitions for "OS" or "phone home", but there is certainly something to be concerned about in Android.
I just ran into this, too. Will paying for business class be enough? A careful reading of their site indicates that business class alone may still leave ports blocked and that you need business class and a static IP (extra $15/mo for 1) to get an unblocked connection.
The AC is right. All of your posts are full of this wild hysterical screeching and it's hard to take you seriously. Anytime somebody tries to argue with you, you respond with hyperbole and straw men. You've even done the same with my post by digging through my posting history and setting up some straw man, which I guess you expect me to defend.
Your entire position can be reduced to a blinding fear of terrorist attack. What is there really to argue with? We get it: there's no limit to the depth of your fear of terrorists. You're not adding anything to these discussions beyond driving that home again and again.
Another poster used the word "quisling" to describe those who are falling all over themselves to defend the actions of the US government right now. I think that suits you well. You have been all over these articles in the last few days trying so hard to paint this twisted picture that the US government spying on its own citizens is a good and noble action. Exposing the treachery of our supposed representatives is what makes the United States stronger. Licking boots has never made one stronger.
Unless you can accurately identify exactly what time the wreck happened, there is no way to tell if someone was texting when the crash happened. They sent a text a minute or 2 ago? "Officer, I sent that while stopped at a red light"
I swear officer, I wasn't driving distracted when I got in that accident just now, I was only driving distracted earlier. That sounds a whole lot like, "When I saw that I was about to hit the other car, I totally sobered up."
Judicial review need not be the same as "weasely reinterpretation". In fact, it's interesting that you bring up Marbury v. Madison, because it's an excellent example of Constitutionality in an age when the Tenth Amendment still meant something. The weasely reinterpretation that passes for judicial review these days presuppose that any power not specifically barred by an amendment is allowed to be taken by the federal government. Marshall's court recognized that the court did not have a power that wasn't specifically delegated to it. His court would not be a friend of the contemporary US government.
Im not sure if it was legal, but if you're not a lawyer I imagine you are also not in a position to determine that.
That is such a fucking cop-out. The Constitution is supposed to represent the will of the people and our consent to be governed by a government of our construction. If the whole thing is subject to weasely reinterpretation and is held as beyond the comprehension of mere citizens (even though it is written in plain English and starts, "We the People..."), then this whole system is a sham.
ok, so we're at a special moment in US history. both the right and the left agree that the government is dysfunctional, highly corrupt, and borderline totalitarian.
appropriate next move... anyone?
Whine and bitch about the other guy and the lesser of two evils. In other words, exactly the same move that got us into this mess.
Oh, I'm sorry, I thought you were asking what was actually going to happen.
Well, it doesn't follow that they store the key on the servers. I assume that a password based key derivation function is used. It is clearly true however that your key is only as strong as the password you choose.
It doesn't have to follow, but I was hoping it did! Them storing the key is the best of all of the possible scenarios that I can see.
Predictably deriving a key from a password (that has no minimum length requirements and a maximum length of 255 characters ASCII) is terribly bad practice. The derived key will, of course, provide no more entropy than the original password (which tops out at ~1200 bits in this case). Opening an account with them and using a password of "1" gives the response "Password looks good!" As this password seems to be the entire foundation on which their security is built, it does not bode well for their other design decisions.
Slashdot Mirror
Instead of cracking each encoded message they intercept, it would be much easier for the NSA to simply obtain the decryption codes directly from the central authorities like Symantec/VeriSign. This would greatly simplify the problem and would allow the NSA to instantly decode much of the encrypted communication it intercepts
Symantec and VeriSign don't create the encryption keys. You do. The private key remains private. Their job is to simply add a trusted digital signature to the public key that you've produced.
That's true, but with access to the certificate authorities and the whole trust structure, they can generate a valid certificate for your server and effectively be a man-in-the-middle. Unless you inspect the key fingerprints every time you connect, their phony certificate will not raise any alarms at all.
With the CA system we use, you put all of the trust for your security into the hands of a nebulous group of companies distributed around the globe. If any single one of them isn't trustworthy, the entire system fails. It's a pretty horrible system, to be honest.
It may be useful as a means to get a lesser sentence when you know you're going to be found guilty, but it's still deeply wrong.
If the prosecutor is willing to let you leave with a lessor sentence, then why are the original charges with their original sentences even on the table from the beginning? A plea bargain is an admission by the prosecutor that you shouldn't be convicted of the crime for which you are accused. To make him happy, you plead guilty to a crime that neither you not him think you did. In all of that, where exactly did justice occur?
So because there are bad cops, we should throw out bad cops. Plea bargaining is an abortion of justice and should be thrown out. Getting rid of plea bargaining in general only increases justice served, just like getting rid of bad cops increases effective policing.
Applause is one thing, but handshaking and especially eye contact have a point. That you don't see the point doesn't mean it doesn't exist and you handicap yourself by ignoring it.
If you're avoiding eye contact to make an inscrutable social commentary, then I applaud you. If you're doing it because you don't see the point and assume that it therefore has no point, then you are mistaken. If you live in a society, it will only do you benefit to at least learn to fake the social cues that it runs on.
My initial thought was that Google is trying to regain some trust from the public. So many people I talk to lately (even prior to the NSA thing) are increasingly creeped out by Google.
My second thought was that maybe there's a revenue stream in here that I'm missing. Ads for tin foil, maybe?
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
It says nothing about being silent or waiving your rights by testifying. If you answer questions that aren't "being a witness against oneself", where does this say that the fifth no longer applies?
"When the President does it, that means that it's not illegal."
Richard M. Nixon
I don't mean to set up strawpeople. I was only pointing out that there are biological roles that are being assigned to women and kept from men.
Maybe I have a misunderstanding of what constitutes "mainstream", also. My wife is a feminist in the sense that I wholly agree with: equality between sexes. The feminist views you seem to hear the most from, though, are from the vocal misandrist population. My university also has a huge push toward "inclusivity", which sounds wonderful, but in practice it seems to be focused opposition to anything that is male or white (or especially both).
There seems to be too much hatred in the sort of feminism I'm exposed to, and I think it does much damage to the cause. Frustration I understand, but anger and hatred don't win hearts and minds. Equality is not a fight you win by cutting down the opposition.
What about paternity leave? Biologically, women can return to work quite soon after giving birth. With the availability of breast pumps and such, men are just as capable of rearing a young baby as women. But feminists rail against paternity leave as men once again asserting privilege and encroaching into the rightful realm of women.
The old feminism of equality was something I could enthusiastically get behind. The new feminism is just misandry, though, which especially sucks because there is still progress to be made toward equality. Bringing hate into the game is only going to hurt the cause of equality.
In what scenario could you actually see that happening? This is the throw out the baby with the bathwater thinking that drives terrorism-related laws. We can think about the outcomes of improbable events, but they shouldn't be the main factor when designing systems.
or the children, grandchildren, great-grandchildren, ... of Authors and Inventors?
Authors and Inventors
That means it makes no sense for copyright to extend beyond death.
That's a pretty solid ground from which argue for scaling back copyright. I was always hung up on the "limited Times" part, but this is far more compelling.
Well, that's also assuming that the water just goes away when a human drinks it, which it doesn't. The water cycle is pretty fast and most of that water will end up back in the ocean long before the average human lifespan.
Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.
That's absolutely false. If Google Apps are installed on the phone (any stock Android, not AOSP or Cyanogenmod (though you can install gapps)), then background programs will make constant connections to Google. GTALK_ASYNC_CONN_com.android.gsf.gtalkservice.AndroidEndpoint will wake the phone periodically to phone home (despite the name, it's not normal GTalk service, as it persists even if Talk is logged out or completely disabled). If you have "Wi-Fi & mobile network location enabled", a service will periodically wake your phone and send Google the surrounding wifi access points, the surrounding cell towers, and sometimes will turn on GPS and send your location.
These are stock Android OS components that phone home. Maybe you use different definitions for "OS" or "phone home", but there is certainly something to be concerned about in Android.
I just ran into this, too. Will paying for business class be enough? A careful reading of their site indicates that business class alone may still leave ports blocked and that you need business class and a static IP (extra $15/mo for 1) to get an unblocked connection.
If you're using port 25, it's because you actually receive mail from other people.
The AC is right. All of your posts are full of this wild hysterical screeching and it's hard to take you seriously. Anytime somebody tries to argue with you, you respond with hyperbole and straw men. You've even done the same with my post by digging through my posting history and setting up some straw man, which I guess you expect me to defend.
Your entire position can be reduced to a blinding fear of terrorist attack. What is there really to argue with? We get it: there's no limit to the depth of your fear of terrorists. You're not adding anything to these discussions beyond driving that home again and again.
Another poster used the word "quisling" to describe those who are falling all over themselves to defend the actions of the US government right now. I think that suits you well. You have been all over these articles in the last few days trying so hard to paint this twisted picture that the US government spying on its own citizens is a good and noble action. Exposing the treachery of our supposed representatives is what makes the United States stronger. Licking boots has never made one stronger.
Unless you can accurately identify exactly what time the wreck happened, there is no way to tell if someone was texting when the crash happened. They sent a text a minute or 2 ago? "Officer, I sent that while stopped at a red light"
I swear officer, I wasn't driving distracted when I got in that accident just now, I was only driving distracted earlier. That sounds a whole lot like, "When I saw that I was about to hit the other car, I totally sobered up."
Judicial review need not be the same as "weasely reinterpretation". In fact, it's interesting that you bring up Marbury v. Madison, because it's an excellent example of Constitutionality in an age when the Tenth Amendment still meant something. The weasely reinterpretation that passes for judicial review these days presuppose that any power not specifically barred by an amendment is allowed to be taken by the federal government. Marshall's court recognized that the court did not have a power that wasn't specifically delegated to it. His court would not be a friend of the contemporary US government.
Power attracts the corrupt.
Im not sure if it was legal, but if you're not a lawyer I imagine you are also not in a position to determine that.
That is such a fucking cop-out. The Constitution is supposed to represent the will of the people and our consent to be governed by a government of our construction. If the whole thing is subject to weasely reinterpretation and is held as beyond the comprehension of mere citizens (even though it is written in plain English and starts, "We the People..."), then this whole system is a sham.
Quite ironic.
Only to a simpleton. Slashdot isn't actually a hive mind.
ok, so we're at a special moment in US history. both the right and the left agree that the government is dysfunctional, highly corrupt, and borderline totalitarian.
appropriate next move... anyone?
Whine and bitch about the other guy and the lesser of two evils. In other words, exactly the same move that got us into this mess.
Oh, I'm sorry, I thought you were asking what was actually going to happen.
Well, it doesn't follow that they store the key on the servers. I assume that a password based key derivation function is used. It is clearly true however that your key is only as strong as the password you choose.
It doesn't have to follow, but I was hoping it did! Them storing the key is the best of all of the possible scenarios that I can see.
Predictably deriving a key from a password (that has no minimum length requirements and a maximum length of 255 characters ASCII) is terribly bad practice. The derived key will, of course, provide no more entropy than the original password (which tops out at ~1200 bits in this case). Opening an account with them and using a password of "1" gives the response "Password looks good!" As this password seems to be the entire foundation on which their security is built, it does not bode well for their other design decisions.