There are many diseases out there. Some are easy to cure, some hard. Just because we cured some diseases doesn't mean it's equally easy to cure the others. In years gone by we cured the "low-hanging fruit," and are now working to cure the difficult diseases.
No, there's a known weakness. Highly simplified version:
The Dual_EC_DRBG algorithm has several constants which can be chosen in such a way to allow whoever chose them to predict some things about the random values. We have no idea why the constants in the standard were chosen the way they were, and the NSA was involved in choosing them.
Therefore, the NSA had the opportunity to exploit the weakness by choosing the constants appropriately, and the algorithm should not be used with those constants.
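The weakness sketched in the comment above, as an added Python example that is not part of the original post: a toy generator with the Dual_EC_DRBG structure, in which whoever picked the constants so that P = e*Q can compute every later output from a single observed one. The curve, `E_SECRET`, the seed and all function names are assumptions constructed for the illustration; these are not the NIST parameters, and the output is not truncated as it is in the standard.

```python
# Toy model of the Dual_EC_DRBG structure. Curve, points and scalars are
# constructed for this illustration; they are NOT the NIST constants.
p = 2**127 - 1          # prime with p % 4 == 3, so a square root is one pow()
A, B = -3, 7            # curve y^2 = x^3 + A*x + B over GF(p)

def lift_x(x):
    """Return a curve point with x-coordinate x, or None if none exists."""
    rhs = (x * x * x + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)
    return (x, y) if y * y % p == rhs else None

def add(P1, P2):
    """Affine point addition; None is the point at infinity."""
    if P1 is None or P2 is None:
        return P2 if P1 is None else P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):
    """Double-and-add scalar multiplication k*P."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

# First curve point found by scanning x = 1, 2, 3, ... (constructed base point).
Q = next(pt for pt in map(lift_x, range(1, 10**6)) if pt)
E_SECRET = 0x1234567890ABCDEF    # known only to whoever chose the constants
P = mul(E_SECRET, Q)             # published constant; looks like any other point

def generate(seed, count):
    """Generator: s_i = x(s_{i-1}*P), output_i = x(s_i*Q)."""
    s, outs = seed, []
    for _ in range(count):
        s = mul(s, P)[0]
        outs.append(mul(s, Q)[0])
    return outs

def predict(observed, e, count):
    """Given one output and e, recompute the outputs that follow it."""
    R = lift_x(observed)          # +/- s_i*Q (the sign does not change x)
    s = mul(e, R)[0]              # x(e*s_i*Q) = x(s_i*P) = s_{i+1}
    outs = []
    for _ in range(count):
        outs.append(mul(s, Q)[0])
        s = mul(s, P)[0]
    return outs
```

Nothing in the published P and Q shows whether such an e exists, since recovering it from the two points is the elliptic-curve discrete logarithm problem; that is why constants without a verifiable derivation cannot be trusted.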
No, GPG is pure asymmetric crypto. SSL & SSH use generated symmetric keys, but they're not used for the same things as GPG.
Cryptography is not security. It's one component of security, but is not the entirety thereof. They likely are quite good at crypto, that doesn't mean they're good at the rest.
Snowden had the appropriate level of clearance, but not the need to know. He should not have had access to the data outside his need to know. The US has 3 clearance levels: confidential, secret, and top secret. Information is supposed to be compartmented such that a person with a given clearance can only access information at or below that clearance level which is needed to do their job. Simply having Top Secret clearance should not give access to all top secret documents. Snowden clearly had access to numerous top secret documents not needed to do his job.
He also managed to remove the data from his place of employment, as well as remove himself from the country.
The NSA is good at certain aspects of security, and plainly terrible at others.
No, I observe that the NSA doesn't know enough about security to prevent a low-level contractor from walking out with a massive trove of documents and giving them to the media. I assume that any organization so inept at their publicly stated goal is not actually working towards that goal, and look for what they're really looking towards. Spying on everyone without regard to laws or the constitution seems to be their actual goal, since they're accomplishing that handily.
Snowden was a contractor, who had access to a significant amount of data he didn't need to know for his job.
He walked out with it and gave it to the news media.
Why do you assume that the NSA is good at security? Why do you trust the NSA propaganda that they're good at security? Clearly they're not good at security. And if Snowden walked out over an ideology how many other contractors have done the same thing, but in secret and sold the data to other governments? It would be idiotic to assume none have.
If the NSA took their job seriously their own networks would have been secure.
You assume that the people running the NSA care about anything but their own power. This seems silly. For example, look at the inter-branch rivalry within the US military. The Air Force hates the A-10 because it's slow, the Marines love it because it works well to keep them alive. The Air Force won't let the Marines fly the thing, because planes are for the Air Force (unless they land on a ship). There are hundreds of other petty disputes like that, many of which have cost the lives of US servicemen. Why would you expect the NSA to look out for anyone other than the NSA?
Iain M. Banks' Culture series does that pretty well.
Yes, but what would we do for the 52nd and 53rd states? We need 53, after all, the US is "One nation, indivisible."
Damien Miller wrote this implementation, not DJB. DJB designed the ciphers and wrote the reference implementations. DJM and DJB are two different people.
Try the self-destructing cookies addon.
When you close a tab, the cookies created by that tab are removed. You can whitelist domains to prevent their cookies from being deleted.
This way, sites see cookies as being enabled, but can't track you after you close the tab.
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
Yep. I'm doing a project for a class right now (making a Rube-Goldberg style contraption) and so just bought a bunch of steel bearing balls. I am now noise in the watch lists, inadvertently screwing up the NSA. There is a LOT more noise than there is signal. There are too many viable terrorist targets, it's too easy to attack them, and there are very few terrorists, so the "security" measures don't actually add to the security at all. The NSA does nothing to help prevent terrorist attacks. The TSA actively assists terrorist attacks by creating choke points at the security lines! Also, the vast majority of the (very few) terrorists we do have are idiots. A group like the IRA operating in the US could have done much more damage than any terrorist attack attempt since 9/11. The fact that no one has when it's so easy just shows that there aren't any terrorists to catch.
The NSA is one part. Guantanamo is another. The scale is smaller, but the acts are similar. The USA is torturing people and imprisoning them until they die. This is evil. The stated goal of the NSA's spying programs is to catch "terrorists" who are then sent to Guantanamo or other holding camps. To do this they violate the constitution of the US, the very thing they're supposed to be protecting.
A firefighter who goes on an axe-murder spree shouldn't be allowed to stay out of jail because most of the time he's not using the axe to kill people.
"Today I mourn for two things: for the fate of those millions of people who were murdered by the National Socialists. And for the girl Traudl Humps who lacked the self-confidence and good sense to speak out against them at the right moment." -- Gertraud "Traudl Humps" Junge, Adolf Hitler's secretary.
She was pardoned at the Nuremberg trials. "She was young, she couldn't have known any better. She was only guilty of consistently going along with what her society demanded. She was not the one who had brought death to Europe and the East, and in fact was ignorant of the Nazi's crimes as they were being committed."
Later in life, she said:
"It was no excuse to be young. It would have been possible to find things out."
http://www.viruscomix.com/page474.html
Ignorance among the rank-and-file is not an excuse. Collaborating with evil is evil.
The fun thing about a nuclear waste pile is that it generates heat. You can use it to run a generator without needing criticality. RTGs use this principle.
So it's a low-output power plant, as well as a waste dump.
The turbines are already VERY loud. Many can be heard for several miles around. No need for whistles.
I'm thin because my energy input is equal to my energy output. It varies a bit up/down from day to day, but on average I have a constant weight.
That said, changing things is hard. I've tried to gain weight in the past, it takes dedication. Eating more is quite difficult for me. It takes quite a bit of willpower to stay on a diet, and you need to stay on the diet for a long time. Once you hit your ideal weight you can't go back to your old diet, that will just make you (too fat/too thin) again, you have to go to a diet balanced to keep you at your ideal.
There is a central library, you just have to tell it what folders to monitor. And set up the UI to show the library viewer. Then just click "all music" and all the music in the library will be shown in the "library viewer selection" tab.
Foobar is great, IFF you take the time to customize it to your liking. It comes very, very minimalist, so if you don't want to set it up it's not for you. If you want a player that you can set up however you like, it's for you.
For Android, AFWall+ is a good frontend for iptables, and makes it easy to create per-app rules. It includes its own iptables and busybox binaries if your rom doesn't have them.
Something like The Geek Group's "Project Thumper" works too. (https://www.youtube.com/watch?v=5AyD1utqh_8) It uses a spark gap switch. Run something like that through a coil and you've got a nice EMP.
Such passwords were NEVER safe. The reason passphrases CAN be good is that they can be made easy to remember while STILL BEING RANDOMLY GENERATED. Diceware is a good example: You get a LOT of entropy for each word in the phrase, so a short phrase of 5-6 words gives you a good password. Thinking up 5-6 words will give you a terrible password, since there will be very low entropy in your choices.
The monetary incentives aren't that big.
Let's say the NSA can crack SHA-2 256.
They have an annual operating budget somewhere above $10 Billion USD. (http://www.washingtonpost.com/wp-srv/special/national/black-budget/)
The total current value of all bitcoins is about $11 Billion USD. (http://bitcoincharts.com/bitcoin/)
If someone starts selling massive numbers of bitcoins the price will quickly drop, just like in a run on a bank.
The total amount they can extract at once is limited by the amounts of money the exchanges have.
The exchanges don't have anywhere near the total. For a quick and (very) dirty upper bound on what they have, let's assume they take a 0.6% transaction fee from all transactions, and that all transaction fees are available. That would indicate at most about $66 Million USD is held by the exchanges. In practice that amount will be lower.
So the amount of money they'd gain would be small compared to their total budget. The spy agencies protect their crypto breakthroughs as well as they can, much better than many of their other programs. They'd likely never risk it to get a measly $60 million payout, at least not when they can get congress to vote a bigger increase into their budget in the name of "national security" and "terrorism." An individual stealing the method and using it would be more likely, but the NSA is known to protect its crypto secrets far better than it protects details of its operations.
Simple: The NSA can blackmail any member of congress. They can ruin the political careers of anyone who tries to rein them in.
Google docs is fine for word processing, spreadsheets, and presentations. It's not a replacement for notepad, and you can't easily stick google docs documents into your version control system with the code they document.
We pandeists will be fine with that.