That would be absurd. Especially since everybody knew Sun's hardware adventures had been going downhill, hard.
Quantum computing will always be 20 years away. Getting any practical work done on quantum computers is not likely going to happen in our lifetimes (unless you redefine 'practical work', of course).
For any and all small to medium size systems I always prefer to go with KVM. With Red Hat's Virt-Manager it's an excellent low-cost and high-performance solution. It's all open source too, which I like very much, but external support might be more expensive to acquire. If you have great talent in-house, then there's usually no need for fallback support.
That is a fork and Qt-based implementation of the original Transmission, although I have been using it myself too until I did a complete switch to Linux.
Ironically there's a film on that list called Firewall.
He'll probably write a couple of books in the months to come.
That reminded me of a similar hack I read about a couple of years ago (and holy shit was it hard to find this again). It's about going around the 5 attempt limit per power cycle that exists in Opal compliant ATA password implementations.
There was so much optimism and innovative ideas, there were actually individuals, and it was decentralized - you could actually own a piece of the internet. People even hosted their own websites!! Imagine that. Watching it all fade to the world of Twitter and Facebook...
Whenever there's a new field to be conquered, there tends to be a rush of all sorts of people trying out their ideas. In the end, though, things always start to centralize. Big corporations industrialize even the most mundane things we see on the Internet. If they don't produce the content themselves, they still run the platform the content is produced on (Facebook, Twitter, Blogspot, YouTube etc.)
While the sort of backbone of the Internet has become more and more centralized, I don't think "our" kind of thinkers, who run their own servers and services, have ever gone down in numbers. The Internet around us has just grown so much bigger that our relative size is comparably small. Young people are still very much interested in tinkering with technology and it's now easier than ever (Raspberry Pi, Arduino etc.) There's also more good advice on the Internet than ever before, and I myself also gladly help when people ask for help with their servers and whatnot.
I think the whole IoT marketing movement is about rebranding existing technologies. Remotely accessible cameras and wearable technology have been around for a very long time practically unchanged, but now they're suddenly categorized under an ambiguous umbrella term. Most of the IoT tech has been a security nightmare since day 1 so we shouldn't suddenly worry about it now, we should have worried about it for over a decade. Googling for weakly protected webcams, for example, has been around since the early 2000s and it's been a "new phenomenon" every five years or so.
If there are devices in my home or car that I find intrusive, they can't be secured properly or they somehow threaten my privacy, I'll get rid of them. This of course becomes a bit problematic once we start running out of alternative manufacturers, but I don't think that'll be a problem for a long time to come. Our cars will most likely be the first that we have least choices with as laws have started to mandate certain wireless technologies to be implemented in them.
The very least steps everyone should take to secure networked devices of any kind is to set up a proper firewall at home and whitelist addresses they can connect to. Or even bar them behind a VPN. Wouldn't be something every average Jane and Joe can do, but that's another story.
The only problem I see is lack of professionalism. Having dancers, be it male or female, at a professional event like this underestimates the intelligence of its attendees.
OP said he doesn't want the key to be encrypted because "encrypting it just means another key". This considered, the aforementioned solution fits OP's requirements. I personally would encrypt my keys (even the backups), but if it's corporate data we're talking about there's no need for encryption of the backup key.
Get a safety deposit box from a bank, put the key there as an ASCII armored plaintext paper and as a QR code printed on paper. And remember to use quality paper and a laser printer. The only ones who could get access to the key would be robbers and government officials with warrants.
If the government really wanted to send their secret ninja assassins after us we'd be as good as dead.
You mean I bought the Secret Ninja Assassin Defense System in vain?! Makes me look rather silly now doesn't it.
I'm a good proponent of encryption and privacy, but honestly you hit the point of diminishing returns very quickly with security.
True enough. But I think despite this it should be an option for those who want it or need it as it's rather easy to implement such features.
Here back home? I'm pissed off enough that work enforces that I need a 6 digit pin on my phone. Pattern unlock would be far more convenient.
From what I have come to understand, PIN and pattern lock can offer comparable protection if configured properly so there really should not be any significant difference in the level of security you get with either choice. The phone should simply refuse any further attempts after the PIN or pattern has been entered incorrectly X times (and if the device has been encrypted, it should then unmount the encrypted partition). I myself also prefer the pattern lock over PIN as it's easier to enter when you hold the phone in one hand.
You should submit that as expert advice in the current Apple vs Three Letter Agency debate case.
You need to remember this is Android we're talking about. Most Android devices lack any real hardware or software security infrastructure, which means you have infinite tries. In many cases you could also brute force the whole thing offline by dumping the contents of the phone on a computer. Even in Apple's case, though, the PIN is incredibly weak. If Apple decides to help, it means there's practically no protection for the data. If a long enough password was used instead of a PIN, even with Apple's help the attempts to open the phone's contents would be futile.
Stupidity protection. You get all sorts of strange issues when you start allowing users to enter stupidly long passwords such as them forgetting them mid typing, timeouts, and my favourite: complaints that they take a long time to enter as it is :-)
Well, purposefully limiting security is also stupid in my books, heh.
Depends. Are you trying to protect yourself from the NSA, or just want your data encrypted so when you lose your phone no one sees your dick pics? The vast majority of use cases are the latter and for that it is well and truly good enough.
NSA, FSB and the like, but also in case I lose my phone. I find this type of argument just as fallacious as "if you have nothing to hide...".
One of my former colleagues actually had his phones and laptop confiscated by the FSB toward the end of his business trip there (non-US government employee). A nation state has the resources to try to gain access to encrypted data in many cases. Having access to someone's personal data on a mobile phone, like in this case, opens up all kinds of possibilities and we all know that.
Security in computers and similar devices should be ubiquitous and purpose-agnostic.
Yes, I'm sure it wasn't a case of resetting the password. I was simply rebooting the phone every now and then and then it suddenly wouldn't accept the FDE password any more. I've read about similar cases and it's probably not even a bug, but a feature somewhere in the OS that somehow overwrote the password because something specific happened in the OS.
I really hope one day we'll get a proper encryption suite in Android. Supported, easy to use and secure. :-\
Rooted Android can already combine a PIN screen lock and password for FDE. CM11 had it built in.
It was indeed "possible", but it was not a supported solution like it is not one even in the current releases. Manually decoupling the FDE password and screen lock means trouble, especially when you update the phone. I once tried this approach, but eventually it wouldn't accept the FDE password upon boot any more even though the password had not been changed. Getting this stuff to work properly is a hassle.
For some reason the CM releases have had immense problems with implementing full-disk encryption over the years. It just doesn't work, not even on popular flagship models.
On my Galaxy S3 (CM11) I was once able to encrypt my phone, but it would only allow the use of either a PIN or password – and CM also wiped the user data clean one day by itself. The use of a password is very much desirable per se, but the thing is you'd have to enter it every time you unlock the screen. A PIN is as secure as leaving your phone with a post-it note on it with the actual PIN written on it.
After trying the new CM13 nightlies on my Galaxy S5, I'm still having problems with full-disk encryption. This time around it won't encrypt at all, and even if it would, the aforementioned limitations with the password/PIN are still present. In the newer version you theoretically could use a pattern too, but it's still not secure enough (nor does the whole damn encryption work to begin with).
It's been discussed for several years now how people could have a secure FDE key and also use a pattern or PIN to unlock the screen. For some god-knows-why reason the password has also been limited to 16 characters in the official Android documentation and nobody came up with the idea to actually increase that. Having experimented with encryption on my Android/CM devices, I have to say that security never really was a key feature in the whole damn ecosystem.
This type of thinking comes from business people's side: instead of creating individual products from the ground up, create and control a whole platform. When you control the platform people do business on, you own the market. Google didn't create their own proprietary OS because its markets would've been too narrow; instead they created a platform that extends over numerous manufacturers. When the manufacturers and app developers succeed, Google succeeds. When the manufacturers and app developers fail, Google doesn't. It's a one-sided win position they got themselves in.
Amazon isn't selling everything themselves, instead they got a platform that allows sellers to join up and they get a slice of their profits, but don't fail themselves if the sellers go bankrupt. You can hardly be relevant in e-commerce unless you have some kind of presence there, and this is a bit worrying since they can bar a business from utilizing their platform.
Private corporations are people when it suits them best. They get the benefits of being considered "people", but pretty much none of the downsides apply to them. Corporations enjoy freedom of speech, but they don't have to apply this fundamental right to their services. A news platform, like Facebook's, has no obligations to publish a story by a publisher if they don't want to. When all the readers are concentrated to that particular platform, it becomes increasingly difficult to exercise freedom of speech as a publisher. Facebook would effectively control the news we read.
I always thought their pleas to unblock their sites should reflect reality: "Please let us serve you malware!"
Malware distribution via ad networks is a very old and well-known scheme. It would be stupid not to block all ads. As no point can effectively be made without a car analogy: would you not wear your seatbelt if the owner of the road came to you with such a plea?
I'm a displaced wanderer, currently residing in Sweden.
Foot-pound and pound-foot. It says in the latter article that the torque measurement unit is often referred to as foot-pound even though it should actually be vice versa. All the more reason why the imperial units are insane, heh.
That's actually rather interesting, did not know it used to be so.
I don't think stupid is the right word to describe the situation. Scary seems more fitting in this case.
The decisions made in this case could have immense negative effects in many other areas as well. First they're after Apple's source code repository and signature key and next they'll be serving backdoors or start decrypting computers using Windows Update. That is unarguably a real possibility now.
I immediately noticed the transition over to TLS. I had in fact been wondering for quite some time how come a technology oriented site isn't securing traffic with TLS. Auto refresh was also annoying as hell so it's a big plus you've got rid of that (and a promise of UTF-8 sounds excellent, too).
If the research is in any way being funded by tax payers' money, then it should be made freely available. Private entities can spend their money how they wish and do with their knowledge what they wish, but the same should not be allowed if there's tax money directly involved.