LinkedIn does exactly the same thing. I've never given it permission to harvest my e-mails, yet it somehow seems to suggest contacts to me based on address book matches alone.
All social platforms are just slimy personal information harvesters. Burn them all.
Thanks. I was wondering what the hell IFTTT was. Never used it.
Very much spot on, sir. Wish I had mod points to give you.
Maybe not in the US, but fairly commonplace here in Sweden. I can't remember the last time I had cash in my wallet or had to pay with it ... 2016 maybe?
Plenty of people reverse code routinely.
Look at something like Veracode's SCA service for example.
I'm saying "many eyes" is not a model you can't trust blindly (heh). You still need to have the right types of people looking at your code for security flaws.
While "many eyes" can theoretically be a better model, practice has shown that very few people actually look at Open Source software with security in mind.
Even critically important projects like OpenSSL.
Security review takes time. Time is money (even in the OSS world). Security audits require money. They don't get done unless a commercial entity (using OSS) commissions them.
The "many eyes" is a really bad security model in practice.
Trump winning the elections is the best thing that has ever happened to Twitter and the worst thing that has ever happened to the world.
It's awesome that in the future 90% of phone calls will be
Robot voice: This call is from Google Assistant.
Human voice: Yeah, um, Hi $valued_customer, I'd like to, um, tell you about our new next-um-generation product. When would be a good time to, um, schedule a demo?
Me: Oh bugger off
Human voice: uh-huh
Human voice: So Tuesday next week?
To continue in the same style - also maybe we IT types could actually disable SMBv1 one day in our networks so this crap wouldn't happen. It's been deprecated for a couple of decades now.
For those of us living in the privileged western societies, we can of course replace Facebook with something else. But that something else is just going to end up in the same place, because the content provided by these services is financed by marketing money and it's crucial to keep that going - because of quarterly economic reports and the stock market - it's a vicious circle we've created and now have to keep feeding.
In other parts of the world, Facebook is synonymous with Internet access. They don't use computers - Internet is mobile - and Facebook offers free access to that mobile network - if you sign up with them and use their apps, of course.
It's the worst kind of digital colonialism you can think of.
Nothing has changed in the world - the Internet didn't make information free. We in the west are still slaves of the system - and we're still exploiting the developing world.
The only sensible move is not to play. The only way to fix it is to change the system. But we're not going to do that. We love our toys.
They should give it guns so it can defend itself.
So yet another random distribution that is telling us it's taking OSS security seriously... and then promptly goes on to confuse privacy and security.
So does anyone know how they're going to do the "security" part of it? Do they pay people to audit code? Is it hardened from the start? Do they compile grsecurity in?
I checked their website - not a word about any security features, but plenty of privacy touting.
The American lawyer frenzy and harsh punishment driven mentality feel really strange to an outsider.
So deactivating Trump's account was probably a stupid thing to do, but c'mon, 10 years in prison? Is that really productive?
> Of course if I were in Russia I would have my doubts about running US software for the same reason
I think that applies to the rest of the world outside the US and not just Russia. The American government has been the number 1 information collector for a long time.
Actually it's been shown that American agencies even spy on US citizens. So you're not safe from government oppression even on US soil.
Basically: If any government intrusion is part of your personal threat model... you need to proceed very, very carefully. If it's not - well, Kaspersky's AV is just as good (or bad) as anyone else's.
For being a "security focused" phone, they didn't really mention anything about security on their site. Perhaps I'm wrong, but this sounded an awful lot like a smoke-and-mirrors type of pitch.
Am I actually supposed to just believe "It runs GNU/Linux kernel, it's secure" or do they actually plan to audit the kernel and components they're including for real? Because that kind of effort costs a helluva lot of money.
I'm guessing they're not and they're just referring to the "many eyes, shallow bugs"-mantra here, but c'mon now... seriously?
Fairly certain systemd is about to completely re-write emacs from scratch as a systemd service. It's vital for init sequence.
Or.. the presidency.
In the words of Alex Stamos (Facebook CISO, back then Yahoo CISO): the Fortune 500 consists of the "SECURE 100" and the "TOASTED 400".
I'd say it's about right.
Source:
http://image.slidesharecdn.com...
By the way, I highly recommend that talk:
https://www.youtube.com/watch?...
Threat Hunting isn't exactly a new concept, it's been around for ages.
But it seems someone, somewhere decided it is going to be the new "hype-base" for magical next generation boxes.. because the previous hype (Threat Intelligence) is dying.
So yeah, cue 2-3 years of "you must hunt proactively with our products"-hype
True. And! Luckily Canonical has a really stellar track record with users' privacy issues. ... yeah, not really.
iOS 8 is not a pig. It's not a living thing at all; it's a mobile operating system. And. If it was living, I doubt it would live at the farm.
Having said that, I have not had any issues on any of my upgraded devices (4 iPads in the family, 2 iPhone 5s) and the devices have not expressed any need to roll in the mud either.
Did you actually read the thread?
You know, where Linus tracks down the thing and collaborates very professionally with other devs?
Yes, he uses harsh language at times, but who the fuck doesn't. He does not work in an enterprise environment, it's his own mailing list.
Julian, is that you?
Two guys - working over a decade without funding etc.
Ennead was 29 in 2005 (http://www.wolfmanzbytes.com/windows/70-truecrypt-encryption.html) and they obviously developed it in their free time.
Fast forward from that to today and you've got a couple of middle-aged devs, probably with more demanding careers and perhaps even families and maybe with young kids.
They started it as a Windows project, when Windows was...a completely different beast than it is today.
It's no wonder TrueCrypt didn't get very many (any?) releases in the past couple of years.
It's certainly a very interesting way to exit stage.
It's just his page, read the actual quote I referenced, it's nothing to do with Steve Gibson - he is just quoting two people on twitter.
Bottom line - we have no evidence of warrant canary or "dev rage quit".
Also: https://twitter.com/0xabad1dea...
Personally I'm more inclined to believe the devs calling it than any NSA scheme, but again.
No. Evidence.