First they came for the pedophiles on Freedom Hosting, and I said nothing because pedophiles are scum.
Then they came for the drug dealers on Silk Road, and I said nothing because drug dealers are scum too.
Then they came for the leakers on {Wiki|Live|you pick one}Leaks, and I said nothing because I don't have time to read that stuff anyway.
Then they passed a law against using privacy tools such as Tor, Mixmaster, proxies, and crypto, because terrorists 9/11 OMG, and I said nothing because I have nothing to hide.
Then I tried to fly to my Dad's funeral and found out that I'm on the no-fly list. I still am. No one will tell me why, and there's nothing I can do to change it.
Then the police broke down my door because I had set up my wireless router wrong and someone had done something illegal over my connection, and it took me three years to get the charges dropped, and I lost my job and had to file bankruptcy, and I never did get my computer back. And what happened to the government agents who had wrongly prosecuted me? Nothing whatsoever. And what compensation did I get? The court ruled that the government had not violated its rules and therefore I was not owed anything. Have a nice day.
Sigh.
"Hello, Intel. Under the terms of this national security letter, you must change your verification software to ignore certain errors. The engineers who carry out this order must not reveal anything about this. Anyone who does will be subject to a term of incarceration not exceeding..."
Tell me why this would not happen.
I wonder if it's possible for an attacker to mess with microcode in such a way as to trojan things like random number generation, without having any other effects that would be more easily noticed. It doesn't seem likely.
Of course, true RNG depends on things like timing keystrokes, mouse clicks, network packets, etc. The LSBs of such times probably aren't used for anything else, and could thus be tampered with more easily.
It's pretty hard to get reliable crypto when your adversaries are the SIGINT arms of some of the most powerful nations in history; they're not constrained by law, ethics, or budget; and the one in your own nation can coerce cooperation and silence. Bad deal, all around.
Edward Snowden should be canonized.
Somebody grabbed tons of personal data and it wasn't the NSA? Stop the presses!
I think we are all going to have to be a lot more paranoid from now on about the public comments NIST gets on crypto standards. We can count on NSA to continue to try to mess with the standards, but they won't do it openly. They'll use proxies with no traceable connection to NSA. The crypto experts will have to examine these things a lot more carefully. Hanlon's razor won't cut it anymore.
I've been wondering if the OpenBSD CDs I got in the mail are the same ones they mailed me. Seems like they're all mailed from the same place; wouldn't be too hard for the American Stasi to swap them out for compromised ones, once they got it set up.
For some bizarre reason OpenBSD doesn't sign their releases. Way to throw us under the bus, Theo.
Don't trust politicians to fix things. They won't.
Don't trust government to tell the truth about what they're doing. They won't.
People who care about their privacy must assure it themselves. Use OpenBSD. Use strong crypto. Use Tor and Mixmaster. Use air gaps. Don't cut corners. Make the bastards work for every byte. If they want a police state, at least make it obvious that it is a police state, and let them consider if they can afford to make that obvious, in a country where half the households are armed. If they want our communications, make them come and pick our locks and plant bugs everywhere. Don't just let them sit in their offices and hoover it all up.
A law to stop the NSA? Yeah, that oughta do the trick. *rolls eyes*
"There's this about cynicism. It's the universe's most supine moral position. If nothing can be done, then you're not some kind of shit for not doing it, and you can lie there and stink to yourself in perfect peace." (Paraphrased from "Borders of Infinity", Lois McMaster Bujold.)
If there are laws in place that clearly prohibit certain activities, and the NSA (or whoever) continues to practice those activities in defiance of the law and lie about it, there will be more people in the know who will be faced with an ethical conflict and who will have a clear moral imperative to blow the whistle, as Snowden did. Continue that cycle long enough, and Congress will eventually have to clean house, defunding the NSA, impeaching the president, or whatever it takes.
In other words, one giant evil corporation misused a broken system to extort money from another giant evil corporation. USA! USA!
Yes, just like all the other well-regulated banks in the US.
I smell the NSA.
Charles Stross has some interesting thoughts on this subject. tl;dr: leaks will continue because young people have no reason to be loyal to organizations that aren't loyal to them.
Anti-vaxxers aren't anti-vaxxers because they have genes for stupidity. I know a sysadmin who's an anti-vaxxer. They're anti-vaxxers because no one ever bothered to teach them how to evaluate claims critically.
Wow, quite the humanist, aren't you? Never mind how good a person this might be, how much contribution he might make to the world, or how many people care about him. He's "poor stock", get rid of him.
Yes, because contagious diseases preferentially kill stupid people. Oh, wait...
ITYM:
Help China? They can suck my dick.
Oh wait...
Safety that requires groping grandmas is not worth having, even if it really is safety.
That's because it's not democracy. It's theoretically-representative democracy. They do represent their base, of course, for large-corporate-donors values of "base".
The U.S. government actually criticized itself in public? Invest in ice skates now, Lucifer will be buying millions of them.
Really? I haven't been getting those at all. Some plugin I installed and forgot about, maybe.
Scareware? Antivirus? Oh yeah, I remember now! That stuff Windows users have to worry about.
On the other hand, the smart user will unplug the toaster whenever possible before reaching into it, thus ensuring personal safety even if the manufacturer screwed up. Not sure what the analogous safe practice would be with AWS, aside from RTFM and generally being cautious.
They seem to be confusing the GPL with the BSD license or the public domain. If they ignore the GPL, nothing else lets them use the GPL-licensed code, so they have to take it out. Schnell!
Well, Monchanger, you said: "If a team of highly decorated SEALs who devoted their lives to serving the nation confirm the report, it's the truth." Implying, you trust what government employees say, at least if they're SEALs. So Grishnakh drew the obvious corollary: The CIA said Saddam had WMDs. We have since seen that he did not. Government employees don't always tell the truth. This isn't trolling, it's making a good argument.