The US political system is so polarized that many supporters are unable to gauge wrongdoings within their own party.
That's not a reflection of extreme polarization -- people are apt to defend their own and blame the "other," even in very loose groupings with mild differences. We're more likely to believe or apologize for the behavior of people we like or identify with.
That's not to say that we're not polarized -- certainly we are -- just that the phenomenon of tribal behavior isn't an indicator of that.
There is no exception in the law for "sufficient justification." Maybe there should be, but there isn't. Since he confessed -- on film, no less -- to leaking classified information, there's no need to dance around it with "alleged" violations. He did the crime and, without a bargain or a pardon, he will do the time if he faces a trial in the US.
Jesus Christ. No, his "only crime" was not to publish books -- he was charged and found guilty of tax evasion.
He was not even charged with a crime for his book -- which fraudulently claimed that it would tell people how to legally avoid paying taxes -- rather an injunction was ordered. Honestly, he's lucky he had a judge/prosecutor that was so lenient given his shenanigans.
https://en.wikipedia.org/wiki/...
Yes. I'm also tired of the line, "at least we live in a country where we're free to have that discussion."
First, all the things we do right are not an affirmative defense against the things we do wrong. Mother Teresa would still go to jail if she murdered someone.
Second, it's not much of a discussion if the people who say that put their fingers in their ears and shout, "I'm not listening!" when you try to talk to them. Which is what that line is designed to do -- distract from the actual topic of discussion by having a meta-discussion.
There's some merit to that, in that some criminals and terrorists mistakenly believe that the infrastructure is secure, that they are not worthwhile targets, or that they are somehow anonymous. Alerting them to their mistaken beliefs doesn't make things easier for those tasked with limiting their damage.
On the other hand, as this article points out, not disclosing, or drawing attention to, the catastrophic vulnerabilities that are used in offensive operations simultaneously makes us all vulnerable to those same techniques when used by bad actors. Including, in many cases, the very agencies or partner agencies that are exploiting those techniques. As someone else described it, it's really a cognitive dissonance.
This doesn't really need to be the case. We're used to carrying keys to access our cars and homes -- we could carry digital encryption keys to access our emails and data. The bug/feature is that losing the keys necessarily means permanently losing access to the data, from the past anyway. But that's not actually very different from today -- much of our data rots for other reasons anyway. Photos and documents disappear when we buy a new phone, or when our hard drives bite the dust. Endpoint encryption would actually allow secure online storage without worrying who might access the data, because nobody else has a copy of the keys.
One way to accomplish this without sacrificing convenience, for those who value it over security, would be to solve the specific problem instead of the general problem. Default to external keys only, and "bury" an option in the settings to store a copy of the key(s) on-device, or online, for convenience. Encourage good habits by making it the norm, but allow people to exercise bad habits if they need or choose to and accept the risks.
I do applaud Schneier for coming out strongly in favor of security. In past speeches he's equivocated and said he doesn't have the answers, just the facts, but there really is only one answer in this case. We must choose security. We fought this battle in the late 90s and early aughts -- the so-called crypto wars -- but apparently we need to fight it again for a new generation. Let the battle begin.
Power will always be lucrative to those who desire it.
No, they were using unpublicized email addresses on government servers. Completely different.
From your own fscking article:
"The practice is separate from officials who use personal, nongovernment email accounts for work, which generally is discouraged due to laws requiring that most federal records be preserved."
There is no obligation for the government to disclose every phone number and email address it uses.
Somebody (meaning some agency -- possibly the DoS itself, if not the DoJ) probably has standing to subpoena the server records, and should. It may not turn up anything, but to not look at all is grossly negligent.
Who modded up this jingoism? It ignores the fact that white people (men, specifically) dominate the political landscape, and I say this as a white male. It was the good-old-boys who elected George W., not silicon valley, whatever the demographics may be now. It was the proponents of transparency and diplomacy who elected Obama, not the warhawks and national security fanatics -- they voted for McCain.
It's the standard tactic to blame the political problems du jour on immigrants. It's the go-to play of racial supremacy groups. It's a distraction from a debate on the issues themselves. Don't fall for it.
Fortunately, we can both still vote in our respective nations to change this perversion.
In theory, yes, but in practice, how do you weed out the people who would dupe you? People hear what they want to hear, so if a politician gives a nod to their opinion/perspective/principles, he's going to get support unless there's proof that he doesn't mean what he says -- and that's an almost impossibly high bar, barring him saying that he didn't mean it (and even then, which one was the lie?) And how do we distinguish between people who change their minds through enlightenment from those who change their statements for political expediency?
If voting was a panacea, we'd have a utopia by now.
If she had classified intelligence emails on unapproved servers, then that's another violation as well. One count per email.
Well there must be a balance between code reuse and custom solutions. To use the trusty car analogy: a car manufacturer doesn't create a new battery for every vehicle (or, indeed, make batteries at all). Unless it's top end, they don't create a different engine for every car, or a different transmission.
If you're making top-end software, then sure, spare no expense. But most projects will suffice just fine using existing libraries. Knowing when to go third party and when to stay in-house is a skillset that a good lead will have.
While I'm not of the opinion that souls exist in the first place, I am certain that machines definitely don't have souls, and one would no sooner try to "convert them" (what a strange phrase) than he would a dog or an elephant, or any other somewhat intelligent animal.
Uhm, maybe you're thinking of Ellen Pompeo?
I think every marriage should have an exception for celebrities though. Which is why I would let my wife sleep with Ellen Pompeo any day.
Ha! Good memory. Funny that Slashdot was using 2 digit year codes in their URLs.... in Y2K.
slashdot.org/comments.pl?sid=00/02/03/1342248&cid=16
Here are your posts:
http://slashdot.org/comments.p...
http://slashdot.org/comments.p...
If someone takes a picture of you anywhere, they own the picture. If you don't want anyone to see naked photos of you, don't pose for naked photos. Maybe this is easier for me since nobody wants to see me naked to begin with, but I don't think it's that hard to say no.
Can you really put a price on oppression? Not everything has to be about the bottom line.
Now they look as realistic and life-like as these icons!
Why don't you use some of those billions of dollars used to build those mega data centers and spend them on more undercover agents and actual investigation, instead of simply sifting through everyone's e-mail looking for interesting keywords?
To be fair, the NSA's mission is SIGINT, not HUMINT. I do agree that intelligence gathering needs to be more targeted though. The only people who can change that is us, and it requires a combination of technological and political changes: End to End Encryption for Everything using a global PKI system, and explicit prohibitions on collecting bulk data, or accepting bulk data from other countries, or purchasing bulk data from the private sector.
That's a solved problem.
http://gmailblog.blogspot.com/...
It isn't up to the NSA to set the balance, the NSA job is to push the balance one way.
That's true to some extent, but every member of the military -- which runs the NSA -- and sworn officers of other agencies take an oath to support and defend the Constitution of the United States first and foremost, and to disobey unlawful orders, in the military at least. (Apparently they don't instill this value in other agencies, but it's well taught within the DoD.)
Now, is asking for more access unconstitutional? Probably not. But it's impossible to compromise security for just the good guys. Compromised security is compromised security, and that makes all of us less safe, which goes against the mission.
The KTH cannot exist, because the KTH can't possibly recognize all instances of "a compiler," and/or "a login." If it could, it could be used to solve the halting problem.
Therefore one need only evade detection in order to produce a clean binary from an infected compiler, which should, in practice, be trivially done by obfuscating the code. With obfuscation, detection would have to rely on algorithm detection, but that's easily avoided as well, much to the bane of antivirus software.
But, for the sake of argument, even if KTH could reliably infect all compilers, disassemblers, and debuggers produced with an infected compiler, it would still be detectable through dumping memory and/or debugging, because lying about the contents of memory or the step of execution takes time, and you can't lie about how long it takes to complete an operation. You could try to hide it by throwing in NOOPs, but you can't lie about it, and any deviation between the number of actual and expected operations to complete a task would raise a huge red flag. In fact, if KTH existed in the wild, the effects of its existence would have been detected by now through performance testing and/or timing exploits. The fact that unexplained universal slowdowns haven't been observed in the wild, and that timing exploits do in fact work seems to be conclusive evidence that KTH does not exist.
Security is an arms race to be sure, and I would bet my life that there are, and will always be, undetected hacks in the wild, but there is no such thing as an *undetectable* hack. If someone is looking, they can find it. Even the "Equation" turned up once someone bothered to look.
There has never been such a thing as absolute security, only risk management. Reduce your risk to the lowest acceptable level for your needs and/or budget, and insure against catastrophe. That's life.
voice processing and searching on the scale of some of the applications such as SIRI require centralized processing
Only in the short term. Longer term, it will be doable on-device. Of course, a server farm/supercomputer will always provide superior processing capability, but at some point it becomes "good enough" on less capable devices.