I searched that, clicked the first link, clicked download, and on the right hand side is "Community edition: FREE". I'm not sure how much clearer they could make it...
Android does do sandboxing and the "nuisanceware" the OP talks about could just be uninstalled.
There have been one or two exploits in the past that allowed apps to make themselves difficult to uninstall. They were bugs that got fixed. Android doesn't have anywhere near the same level of risk as Windows does when it comes to malware.
Yes, I have too - IntelliJ itself is written using Swing and it's quite appealing on all the platforms I've used it on. But I guess that they had to develop custom themes for it and be very careful to achieve that.
JFX8 looks great out of the box. It supports hi-dpi/retina displays and has a generic cross-platform theme called Modena which is a lot more tasteful than previous Java desktop themes. It doesn't match any particular platform, but I've been writing an app with it on the Mac and it can actually look better than Aqua sometimes. Still, the theming system is powerful enough that you can also get AquaFX which matches the theme in MacOSX Mountain Lion (it's done by a third party).
Just to ram home the point about Maven+IntelliJ, enabling AquaFX in my project involved typing in the following code:
if (System.getProperty("os.name").toLowerCase().contains("mac")) {
AquaFx.style();
}
(you're only allowed to use AquaFX on a Mac because of the art being copyrighted by Apple, etc).
Of course AquaFx is an unknown class, so I just asked for an auto correct there, told it to find the class in Maven, then did an interactive search for AquaFX in the resulting dialog. Press enter, and it was downloaded+installed in the background. Also the build system definition (an XML file) was updated so people building from the command line or using other IDEs would also see the dependency. A few seconds later the code is no longer red and the app runs.
It may well be that.NET has something similar, and I know most scripting platforms have this sorted out these days too, but it's nevertheless very convenient to have it so tightly integrated.
The Windows JRE installer is an obnoxious piece of crap. Fortunately modern JDKs ship with something called the JavaFX Bundler, which makes native installers (exe, msi, dmg, rpm, deb) for each platform that bundles a stripped down JRE with the app, so there is no need to install the JRE or keep it up to date. If you are distributing consumer software or don't want to handle the problem of keeping JREs up to date, it's useful.
There are also tools that can eliminate the need for the JVM entirely, for instance by ahead of time compiling entirely to native (Excelsior JET is one such program), or alternative JVMs that sacrifice some performance for code size, like Avian.
No, I've seen pretty much that dynamic happen at Google where we use a lot of C++ and Java.
There are some places Java just can't follow C++... the Google core web search serving system is mostly C++ because it involves decoding extremely compact data structures at insanely high speeds, to the extent that the verymost inner code has branch prediction hints in it. Java can't do that nor will it ever be extended to do so. Lots of servers at Google are written in C++ for the same reason. I don't believe it's only 5% faster, the rule of thumb I see is you lose about 2x the performance by using Java when all the costs are taken into account (like constantly re-compiling the same code over and over on the live servers, the GC costs, etc).
Despite that, lots more code is written in Java, because the cost of using C++ is so high. Sure, when the sailing is smooth there isn't a huge difference between them as long as your libraries and support infrastructure are good, but the moment someone slips up and accidentally double frees memory on an error path you've got a problem that can take an entire team a week or more to track down. I've seen it and partaken in such bug hunts. There's nothing quite like trying to find memory corruptions that only show up in the production environment once a day, when you have thousands of servers.
Basically any programmer can screw up that way. Java strikes a reasonable balance between safety and performance, which makes sense even when you are a company like Twitter or Google.
IntelliJ IDEA Community Edition is both open source and free, so your comment is a pretty epic failure. As it happens I bought the Ultimate edition during their end-of-the-world sale that was in the hours before the Mayan calendar predicted armageddon, so I got it cheap. Best doomsday scenario ever!
You know, it's not like Java lacks unsigned types because they simply forgot about them. It lacks them because experience with C and C++ indicated that mixing of signed and unsigned types can lead to lot of weird bugs. It's one of the reasons those languages have a reputation for being giant cannons pointed at the developers feet.
On the flip side, although lack of unsigned types probably makes pure Java code more robust, the moment you have to do any kind of parsing of file or wire formats it immediately becomes a sharp edge with which to cut yourself (that and the decision to make the JVM big endian - doh!).
Ultimately I'd rather Java had unsigned types, if only to make interop eaiser, but the line between safety and features is always a finely balanced judgement call.
NativeActivity doesn't support most of the Android APIs, including most obviously the widget toolkit. It's intended for games that just need an OpenGL context and raw input, all other kinds of apps still need to use Java.
And you know what? That's not such a bad thing. A few years ago I guess I was basically a C++ programmer who was in the "Java sucks" camp, and I came back to Java only because I wanted to write stuff for Android. Over time I've come to appreciate the whole platform and ecosystem more. Things I especially appreciate:
IntelliJ IDEA and the Inspector. My previous experience with Java IDEs was Eclipse, which is not only incredibly slow and resource intensive but also has a very confusing IDE. Over the years this situation has changed - IntelliJ is genuinely helpful, and uses much more reasonable amounts of RAM than such IDE's used to. I find myself very much appreciating the real-time, on the fly static analysis that can find all kinds of issues from basic logic bugs to common API usage errors, like inverting the arguments of assertEquals in a unit test.
Most Java libraries are available via Maven repositories. Maven itself is a rather quirky beast that I never truly warmed to, but the Java world has what is essentially a giant apt-get for libraries. IntelliJ understands how work with Maven such that you can write some code that doesn't compile, press alt-enter over the missing class and tell it to go figure it out. It can find the right library, automatically download it and all its dependencies, install it into the local Maven repository and recompile the code, all on the fly within a few seconds. Coming from the C/C++ world where every single project has a uniquely malformed build system and package repositories (when they exist at all) are maintained by Linux distributors who are invariably miles behind upstream releases, it's extremely convenient.
JavaFX 8 turns out to be a really nice UI toolkit. Java got a well deserved reputation for awful desktop apps that were clunky, slow, and had UIs only a mother could love. This problem started with AWT that was limited by the lowest common denominator (Motif at a time when nearly the whole world used Windows). Swing was more powerful but was still very ugly and was hobbled by the lack of any truly great UI designers for it (every IDE creator invented their own). JavaFX 8 resolves all these problems: it's designed to be competitive with Cocoa, so the whole thing is an OpenGL accelerated scene graph, it makes it easy to support fancy effects and animations, and it comes with a very straightforward and easy to use Scene Builder app that makes building UIs a snap. I've used the Apple GUI design tools and Scene Builder is even easier. JFX8 seems to make desktop app development with Java actually compelling again.
Lots of people know it. That means, for an open source project, lots of potential contributors.
I followed the original trial very closely. At no point have I said it was only about rounded rectangles, just that this was one of the design issues at play in the trial.
Bizarre. You think I just made that up? Go read the summary on Wikipedia and in particular pay attention to the following section:
On August 24, 2012 the jury returned a verdict largely favorable to Apple. It found that Samsung had willfully infringed on Apple's design and utility patents and had also diluted Apple's trade dresses related to the iPhone. The jury awarded Apple $1.049 billion in damages and Samsung zero damages in its counter suit.[51] The jury found Samsung infringed Apple's patents on iPhone's "Bounce-Back Effect" (US Patent No.7,469,381), "On-screen Navigation (US Patent No.7,844,915), and "Tap To Zoom" (US Patent No.7,864,163), and design patents that covers iPhone's features such as the "home button, rounded corners and tapered edges" (US D593087) and "On-Screen Icons" (US D604305).
Apple claimed, and got a court to agree with them, that any rectangular phone with rounded corners violated their patents.
There's no standard that says phones should not slice your fingers when you touch the edges, but it is nevertheless an essential design property. That's not a requirement of GSM, that's common fucking sense.
If you think Samsung is somehow the aggressor here and Apple is a poor hurt little child, you need a serious reality check. Ever since it became apparent that the iPhone had a real competitor in Android, Apple has been trying to shut down the competition left right and center with bogus patents that should not exist.
Firstly, a US court with a Silicon Valley jury found for Apple despite serious juror misconduct (to the extent that their judgement made no sense and they had to be told to do it again). Then after Samsung managed to hit back Obama himself vetoed the punishment.
These events have made the US look like a banana republic where the justice system is weak and laughable.
Given they apparently haven't even switched on any computers there yet, presumably the cyberattack fun still hasn't begun.
This raises the question of where they're processing all their existing data. Fort Meade ran out of electricity some time ago, from what I understand, so presumably they have some other big datacenters in other places.
Yeah, you put in words what I was thinking for a while now. It's obvious that these problems aren't specific to the NSA or GCHQ. Rather they're due to a cold war mindset that too many senior civil servants and politicians seem unable to break out.
GCHQ has been hacking Belgacom to spy on the EU in Brussels. WTF? Why?! If they want to know what's going down in the EU then they can just..... go ask. I mean the UK contributes its fair share of money to the EU, so what possible benefit is there to treating it as if it was the KGB?
These agencies need to be stripped down, badly, and the money saved reinvested into other things. The staff that are left can be given a purely defensive mandate (w.r.t internet stuff at least). But I don't think it will happen whilst the current lot are in charge. They seem to like the power too much. And maybe they are also trapped in a cold war mindset. Perhaps it will take my generation, the first post cold-war generation to enter politics before these problems get really fixed.
BTW the UK announced today that it was renaming the national police squad again. SOCA no longer, now it's the National Crime Agency, formed from merging several agencies together...... and slashing the budget by 30%. So it is spending money to record all internet traffic, every last TCP ACK, but the actual police who deal with practical problems on British streets, like gang warfare, they're having their budget murdered. 999 response times have doubled since austerity began. It's obvious that a working national police force and working emergency services save more lives than GCHQ hacking oil firms and telcos.
Well, this is the peak oil argument - more oil can always be extracted, but at what price? The price is high because extracting oil from shale rock is significantly harder than getting the old fashioned stuff, which is why it's been left till last and it took many years of high prices to cause a surge in production. I don't think prices will fall again back to where they were pre-2004, ever.
It reduces the maximum resolution of the system and means some prices would be too small to represent on the wire.
Should the Bitcoin community one day be so successful that the system being unable to represent prices low enough is an actual problem, a flag day can be scheduled which changes the wire-size of the value units in the protocol, thus adding more "decimal places" (they are not really represented as floats).
The nice thing about Bitcoin is that it's a consensus system, so scheduling flag days is quite straightforward as long as you do actually get a majority of people to upgrade by the given date. As long as a majority do, the rest of the nodes will be automatically disconnected from the system and have to upgrade to rejoin.
They know the outputs in the guys wallet - if that money were to suddenly start moving, it would eventually (probably quickly) have to turn up at one of the Bitcoin exchanges, given how tiny the Bitcoin economy is and how much more useful a state backed currency is (today). Those exchanges are all well known, registered with their local governments, etc. Figuring out who is trying to cash out would not be very hard.
You'd have put money away and bonded lawyers so they could "spring you"? How exactly are these lawyers going to do that? Ulbricht is guilty as fuck and clearly knows it. The two criminal complaints are overflowing with evidence and that's not going to be all the Fed's have got. I have a hard time seeing how any lawyer is going to wriggle out from under all that stuff. Doesn't matter if you somehow managed to bond the best of the best ahead of time.
Also, you seem to have overlooked the fact that the guy was poor. Given he had explicitly stated in the past that he was motivated by money, that rather implies he was afraid of converting large chunks of his Bitcoin wealth into dollar wealth, probably because he wasn't sure he could beat the ID verification and AML checks the exchanges all do these days. If a bank sees an unemployed guy who lives with flatmates suddenly start receiving enormous wires from a Bitcoin exchange, and then sending money on to law firms, that's the kind of thing that triggers them filing a "suspicious activity report" with the US Treasury. It's actually not so easy to cash out large illegal holdings of Bitcoin, you'd have to find someone to do it on your behalf who doesn't mind potentially being hit with a money laundering charge if you were to go down. That's not easy.
That said, I'll agree that the guy was a walking cliche. The only thing unclear to me is how many criminals out there aren't - whenever we see cases like this, it always seems like the gangsters literally started speaking like a bad movie character. Is it that the movies are so accurate, or the bad guys learn how to behave by watching films?
Because he knew that if there was an indiscriminate data dump, governments would use that to distract from the real meat. By getting professional journalists to digest the data into understandable stories, he ensured that would not happen. Also he feels details about specific operations or sites or whatever isn't really important to the debate, which is what he cares about the most.
Now that said, we'll have to see if he is happy with the current level of disclosures. My impression so far is that he has been very happy with how things worked out. But this is a guy who had EFF and Tor stickers on his laptop. If he knows Tor is broken and the Guardian do stories implying that it's not, it'll be interesting to see if he has any reaction to that. Right now he's lying low because he wanted to fade away so the stories focus on the material - and that's something he has done amazingly well.
Insufficient data to draw useful conclusions
on
How The NSA Targets Tor
·
· Score: 5, Interesting
A few days ago a well known Tor developer was getting angry on Twitter because he thought the Guardian was holding back a story on Tor due to redacting requests and pressure from governments.
The presentations cited date from 2007. That's 6 years ago and tells us diddly squat about their current capabilities. All it tells us, really, is that in 2007 they had developed some working techniques in the lab, and were talking about the same kinds of attacks that were being discussed in public. It also tells us they use custom malware - but that was already revealed previously.
The Snowden files contain a complete copy of GCHQ's internal wiki. It seems highly unlikely that there is no further information on Tor after 2007. Rather, it feels like the British and American governments treat their capabilities against Tor as one of their most valuable secrets and applied significant pressure, the resulting compromise being "you can make a story about Tor, as long as it's based on old information that is no longer relevant".
It's also rather duplicitous. This study shows a graph that clearly indicates a bloodbath in recorded music sales, and then says "the drastic decline of revenues warned of by the lobby associations of record labels is not in evidence". The reason for this conclusion is that concert revenues went up. But perhaps those revenues would have gone up even in the absence of widespread music piracy. Regardless, it is irrelevant - the record labels (which are remember fairly small companies whose clients are actual artists) predicted a drastic decline in the thing that suddenly became easy to steal, which is exactly what happened. It does not change the brutal fact that income from recorded music halved once mass piracy became easy thanks to fast internet and MP3.
Does anyone believe the world consumes half the amount of recorded music as it did in 1999? No.
The debate on piracy is important because although music felt the sharp edge of the sword first, ultimately all creative industries have to suffer from it. OK, so parts of the music business that happen to put on good concerts might have been able to replace losses from piracy by travelling more. But TV shows don't put on concerts. Movies don't put on concerts. Video games certainly don't.
Trying to make an argument about piracy and copyright based purely on the fact that (parts of!) the music business found ways to replace lost revenue is pointless - it ignores all the other industries that rely on working copyright.
PFS would not help in this case. The FBI asserted that a pen register (which is not a warrant and merely requires the government to assert "relevance") is sufficient to obtain the SSL keys for an entire service, because they choose to implement it via an SSL interceptor. LavaBit argued the pen register does not grant such broad power, so then they went and got a search warrant for it instead.
Obviously if the FBI has the SSL key, they can impersonate LavaBit and intercept everything at that point. It helps only to prevent the NSA reading their old packet logs.
The news here is not change your crypto - it doesn't work in the face of the $5 wrench attack (more accurately, $1000 fine per day). The news is that the FBI believes (and the court agreed) that the only thing they have to do to obtain an SSL key is assert that it is "relevant" to an ongoing investigation, an extremely low standard that is almost meaningless.
A CA just verifies identity. Compromising one lets you mint fake SSL certs, if you can do a MITM attack, but it's the kind of thing that would eventually be noticed.
Also there are efforts underway to fix this through the "certificate transparency" initiative.
Slashdot Mirror
I searched that, clicked the first link, clicked download, and on the right hand side is "Community edition: FREE". I'm not sure how much clearer they could make it ...
Android does do sandboxing and the "nuisanceware" the OP talks about could just be uninstalled.
There have been one or two exploits in the past that allowed apps to make themselves difficult to uninstall. They were bugs that got fixed. Android doesn't have anywhere near the same level of risk as Windows does when it comes to malware.
Yes, I have too - IntelliJ itself is written using Swing and it's quite appealing on all the platforms I've used it on. But I guess that they had to develop custom themes for it and be very careful to achieve that.
JFX8 looks great out of the box. It supports hi-dpi/retina displays and has a generic cross-platform theme called Modena which is a lot more tasteful than previous Java desktop themes. It doesn't match any particular platform, but I've been writing an app with it on the Mac and it can actually look better than Aqua sometimes. Still, the theming system is powerful enough that you can also get AquaFX which matches the theme in MacOSX Mountain Lion (it's done by a third party).
Just to ram home the point about Maven+IntelliJ, enabling AquaFX in my project involved typing in the following code:
if (System.getProperty("os.name").toLowerCase().contains("mac")) {
AquaFx.style();
}
(you're only allowed to use AquaFX on a Mac because of the art being copyrighted by Apple, etc).
Of course AquaFx is an unknown class, so I just asked for an auto correct there, told it to find the class in Maven, then did an interactive search for AquaFX in the resulting dialog. Press enter, and it was downloaded+installed in the background. Also the build system definition (an XML file) was updated so people building from the command line or using other IDEs would also see the dependency. A few seconds later the code is no longer red and the app runs.
It may well be that .NET has something similar, and I know most scripting platforms have this sorted out these days too, but it's nevertheless very convenient to have it so tightly integrated.
The Windows JRE installer is an obnoxious piece of crap. Fortunately modern JDKs ship with something called the JavaFX Bundler, which makes native installers (exe, msi, dmg, rpm, deb) for each platform that bundles a stripped down JRE with the app, so there is no need to install the JRE or keep it up to date. If you are distributing consumer software or don't want to handle the problem of keeping JREs up to date, it's useful.
There are also tools that can eliminate the need for the JVM entirely, for instance by ahead of time compiling entirely to native (Excelsior JET is one such program), or alternative JVMs that sacrifice some performance for code size, like Avian.
No, I've seen pretty much that dynamic happen at Google where we use a lot of C++ and Java.
There are some places Java just can't follow C++ ... the Google core web search serving system is mostly C++ because it involves decoding extremely compact data structures at insanely high speeds, to the extent that the verymost inner code has branch prediction hints in it. Java can't do that nor will it ever be extended to do so. Lots of servers at Google are written in C++ for the same reason. I don't believe it's only 5% faster, the rule of thumb I see is you lose about 2x the performance by using Java when all the costs are taken into account (like constantly re-compiling the same code over and over on the live servers, the GC costs, etc).
Despite that, lots more code is written in Java, because the cost of using C++ is so high. Sure, when the sailing is smooth there isn't a huge difference between them as long as your libraries and support infrastructure are good, but the moment someone slips up and accidentally double frees memory on an error path you've got a problem that can take an entire team a week or more to track down. I've seen it and partaken in such bug hunts. There's nothing quite like trying to find memory corruptions that only show up in the production environment once a day, when you have thousands of servers.
Basically any programmer can screw up that way. Java strikes a reasonable balance between safety and performance, which makes sense even when you are a company like Twitter or Google.
IntelliJ IDEA Community Edition is both open source and free, so your comment is a pretty epic failure. As it happens I bought the Ultimate edition during their end-of-the-world sale that was in the hours before the Mayan calendar predicted armageddon, so I got it cheap. Best doomsday scenario ever!
You know, it's not like Java lacks unsigned types because they simply forgot about them. It lacks them because experience with C and C++ indicated that mixing of signed and unsigned types can lead to lot of weird bugs. It's one of the reasons those languages have a reputation for being giant cannons pointed at the developers feet.
On the flip side, although lack of unsigned types probably makes pure Java code more robust, the moment you have to do any kind of parsing of file or wire formats it immediately becomes a sharp edge with which to cut yourself (that and the decision to make the JVM big endian - doh!).
Ultimately I'd rather Java had unsigned types, if only to make interop eaiser, but the line between safety and features is always a finely balanced judgement call.
NativeActivity doesn't support most of the Android APIs, including most obviously the widget toolkit. It's intended for games that just need an OpenGL context and raw input, all other kinds of apps still need to use Java.
And you know what? That's not such a bad thing. A few years ago I guess I was basically a C++ programmer who was in the "Java sucks" camp, and I came back to Java only because I wanted to write stuff for Android. Over time I've come to appreciate the whole platform and ecosystem more. Things I especially appreciate:
I followed the original trial very closely. At no point have I said it was only about rounded rectangles, just that this was one of the design issues at play in the trial.
Bizarre. You think I just made that up? Go read the summary on Wikipedia and in particular pay attention to the following section:
Apple claimed, and got a court to agree with them, that any rectangular phone with rounded corners violated their patents.
There's no standard that says phones should not slice your fingers when you touch the edges, but it is nevertheless an essential design property. That's not a requirement of GSM, that's common fucking sense.
If you think Samsung is somehow the aggressor here and Apple is a poor hurt little child, you need a serious reality check. Ever since it became apparent that the iPhone had a real competitor in Android, Apple has been trying to shut down the competition left right and center with bogus patents that should not exist.
Firstly, a US court with a Silicon Valley jury found for Apple despite serious juror misconduct (to the extent that their judgement made no sense and they had to be told to do it again). Then after Samsung managed to hit back Obama himself vetoed the punishment.
These events have made the US look like a banana republic where the justice system is weak and laughable.
Given they apparently haven't even switched on any computers there yet, presumably the cyberattack fun still hasn't begun.
This raises the question of where they're processing all their existing data. Fort Meade ran out of electricity some time ago, from what I understand, so presumably they have some other big datacenters in other places.
Yeah, you put in words what I was thinking for a while now. It's obvious that these problems aren't specific to the NSA or GCHQ. Rather they're due to a cold war mindset that too many senior civil servants and politicians seem unable to break out.
GCHQ has been hacking Belgacom to spy on the EU in Brussels. WTF? Why?! If they want to know what's going down in the EU then they can just ..... go ask. I mean the UK contributes its fair share of money to the EU, so what possible benefit is there to treating it as if it was the KGB?
These agencies need to be stripped down, badly, and the money saved reinvested into other things. The staff that are left can be given a purely defensive mandate (w.r.t internet stuff at least). But I don't think it will happen whilst the current lot are in charge. They seem to like the power too much. And maybe they are also trapped in a cold war mindset. Perhaps it will take my generation, the first post cold-war generation to enter politics before these problems get really fixed.
BTW the UK announced today that it was renaming the national police squad again. SOCA no longer, now it's the National Crime Agency, formed from merging several agencies together ...... and slashing the budget by 30%. So it is spending money to record all internet traffic, every last TCP ACK, but the actual police who deal with practical problems on British streets, like gang warfare, they're having their budget murdered. 999 response times have doubled since austerity began. It's obvious that a working national police force and working emergency services save more lives than GCHQ hacking oil firms and telcos.
Well, this is the peak oil argument - more oil can always be extracted, but at what price? The price is high because extracting oil from shale rock is significantly harder than getting the old fashioned stuff, which is why it's been left till last and it took many years of high prices to cause a surge in production. I don't think prices will fall again back to where they were pre-2004, ever.
It reduces the maximum resolution of the system and means some prices would be too small to represent on the wire.
Should the Bitcoin community one day be so successful that the system being unable to represent prices low enough is an actual problem, a flag day can be scheduled which changes the wire-size of the value units in the protocol, thus adding more "decimal places" (they are not really represented as floats).
The nice thing about Bitcoin is that it's a consensus system, so scheduling flag days is quite straightforward as long as you do actually get a majority of people to upgrade by the given date. As long as a majority do, the rest of the nodes will be automatically disconnected from the system and have to upgrade to rejoin.
It's not infinitely divisible. Each coins is divisible into 100 million subunits. On the wire value is represented with an int64.
They know the outputs in the guys wallet - if that money were to suddenly start moving, it would eventually (probably quickly) have to turn up at one of the Bitcoin exchanges, given how tiny the Bitcoin economy is and how much more useful a state backed currency is (today). Those exchanges are all well known, registered with their local governments, etc. Figuring out who is trying to cash out would not be very hard.
You'd have put money away and bonded lawyers so they could "spring you"? How exactly are these lawyers going to do that? Ulbricht is guilty as fuck and clearly knows it. The two criminal complaints are overflowing with evidence and that's not going to be all the Fed's have got. I have a hard time seeing how any lawyer is going to wriggle out from under all that stuff. Doesn't matter if you somehow managed to bond the best of the best ahead of time.
Also, you seem to have overlooked the fact that the guy was poor. Given he had explicitly stated in the past that he was motivated by money, that rather implies he was afraid of converting large chunks of his Bitcoin wealth into dollar wealth, probably because he wasn't sure he could beat the ID verification and AML checks the exchanges all do these days. If a bank sees an unemployed guy who lives with flatmates suddenly start receiving enormous wires from a Bitcoin exchange, and then sending money on to law firms, that's the kind of thing that triggers them filing a "suspicious activity report" with the US Treasury. It's actually not so easy to cash out large illegal holdings of Bitcoin, you'd have to find someone to do it on your behalf who doesn't mind potentially being hit with a money laundering charge if you were to go down. That's not easy.
That said, I'll agree that the guy was a walking cliche. The only thing unclear to me is how many criminals out there aren't - whenever we see cases like this, it always seems like the gangsters literally started speaking like a bad movie character. Is it that the movies are so accurate, or the bad guys learn how to behave by watching films?
Because he knew that if there was an indiscriminate data dump, governments would use that to distract from the real meat. By getting professional journalists to digest the data into understandable stories, he ensured that would not happen. Also he feels details about specific operations or sites or whatever isn't really important to the debate, which is what he cares about the most.
Now that said, we'll have to see if he is happy with the current level of disclosures. My impression so far is that he has been very happy with how things worked out. But this is a guy who had EFF and Tor stickers on his laptop. If he knows Tor is broken and the Guardian do stories implying that it's not, it'll be interesting to see if he has any reaction to that. Right now he's lying low because he wanted to fade away so the stories focus on the material - and that's something he has done amazingly well.
A few days ago a well known Tor developer was getting angry on Twitter because he thought the Guardian was holding back a story on Tor due to redacting requests and pressure from governments.
The presentations cited date from 2007. That's 6 years ago and tells us diddly squat about their current capabilities. All it tells us, really, is that in 2007 they had developed some working techniques in the lab, and were talking about the same kinds of attacks that were being discussed in public. It also tells us they use custom malware - but that was already revealed previously.
The Snowden files contain a complete copy of GCHQ's internal wiki. It seems highly unlikely that there is no further information on Tor after 2007. Rather, it feels like the British and American governments treat their capabilities against Tor as one of their most valuable secrets and applied significant pressure, the resulting compromise being "you can make a story about Tor, as long as it's based on old information that is no longer relevant".
.... however, you can install apps from outside the Play Store on Android.
It's also rather duplicitous. This study shows a graph that clearly indicates a bloodbath in recorded music sales, and then says "the drastic decline of revenues warned of by the lobby associations of record labels is not in evidence". The reason for this conclusion is that concert revenues went up. But perhaps those revenues would have gone up even in the absence of widespread music piracy. Regardless, it is irrelevant - the record labels (which are remember fairly small companies whose clients are actual artists) predicted a drastic decline in the thing that suddenly became easy to steal, which is exactly what happened. It does not change the brutal fact that income from recorded music halved once mass piracy became easy thanks to fast internet and MP3.
Does anyone believe the world consumes half the amount of recorded music as it did in 1999? No.
The debate on piracy is important because although music felt the sharp edge of the sword first, ultimately all creative industries have to suffer from it. OK, so parts of the music business that happen to put on good concerts might have been able to replace losses from piracy by travelling more. But TV shows don't put on concerts. Movies don't put on concerts. Video games certainly don't.
Trying to make an argument about piracy and copyright based purely on the fact that (parts of!) the music business found ways to replace lost revenue is pointless - it ignores all the other industries that rely on working copyright.
PFS would not help in this case. The FBI asserted that a pen register (which is not a warrant and merely requires the government to assert "relevance") is sufficient to obtain the SSL keys for an entire service, because they choose to implement it via an SSL interceptor. LavaBit argued the pen register does not grant such broad power, so then they went and got a search warrant for it instead.
Obviously if the FBI has the SSL key, they can impersonate LavaBit and intercept everything at that point. It helps only to prevent the NSA reading their old packet logs.
The news here is not change your crypto - it doesn't work in the face of the $5 wrench attack (more accurately, $1000 fine per day). The news is that the FBI believes (and the court agreed) that the only thing they have to do to obtain an SSL key is assert that it is "relevant" to an ongoing investigation, an extremely low standard that is almost meaningless.
A CA just verifies identity. Compromising one lets you mint fake SSL certs, if you can do a MITM attack, but it's the kind of thing that would eventually be noticed.
Also there are efforts underway to fix this through the "certificate transparency" initiative.
Right. Crimes with victims were reserved for the admins.
BTW only an idiot thinks that forged IDs etc is "victimless". What happens to the unlucky sods who get mortgages taken out in their name?