Taking control and functionality away from the web developer because browser developers think they know what's best for everyone.
Yes, because clearly you WANT to load that advertisement further down on the page. That is clearly more important than the image right in front of you.
Frankly I fail to see the intelligence of anyone who commits themselves to one party or the other. They are directly claiming that party allegiance is more important than critical thinking during elections.
Not really. If you care about one of the "litmus test" issues, then you are likely to vote along party lines. If one of your most important issues involves either side of the "gun control" or "abortion" debate then you will likely vote along party lines. The thinking is that you are better off with a fool that will vote the way that you want rather than an intelligent person who will vote against the issues that you care about.
I mostly agree with you. Note the final line of my original post:
Still, this does not excuse FISA. I have no problems with the government spying, but why is it asking too much to just get a warrant?
However, we have not had that many deaths due to either there not being much of a threat, or there is a larger threat than you realize, but the government has been effective at thwarting such attempts. I won't pretend to know the answer, but if the government CAN do something reasonable to prevent murders that still agrees with the Constitution, then it should do so.
I mean, more people were killed by toddlers in the US in 2015 than by terrorists
We had thousands killed by only 19 terrorists in 2001.
Nice, France: 86 people killed by a terrorist with a truck, and over 400 injured.
We had a guy with terrorist leanings kill a few people with a truck only a couple of months ago in New York.
One difference is that toddlers generally don't set out to kill. Terrorists have the goal of killing as many people as they can. This country also has a LOT more toddlers than terrorists. Be honest, would you rather be locked in a room with five angry toddlers or five angry terrorists?
Still, this does not excuse FISA. I have no problems with the government spying, but why is it asking too much to just get a warrant?
Well, I have seen charging stations. They are not as common as they need to be to truly support a switch to electric, but we are slowly getting there.
However, the cost for an EV will probably never come down to a parity with ICE cars (at least not without an artificial tax on gas vehicles). Lithium is still expensive, and demand for it is keeping the prices high.
Really, the only hope is for some type of battery that does not involve lithium to take off (and no fair switching lithium for unobtanium -- all materials used must be cheaper).
Tons of research is going into batteries, but it is way too early to bet on a winning horse at this point.
OK. I admit that, with the increase in online sales, a full-blown internet sales tax will almost certainly happen one day. However, my wife owns an Internet business. Will she have to file paperwork in all 50 states? How about county and city taxes?
For this to actually be feasible, we need some sort of government web site where you list sales by zip code. They give you an amount and you pay it. That site distributes the money to the various cities and states. Otherwise, the paperwork will drown a small business.
Huh? Making it EASIER is not a guarantee that it will happen.
I used to live in a rural area. It takes money to bury miles of cable, and money to install the DSLAM. If your expected payments over the next 10 years do not even cover the cost of installation, what do you suggest the ISPs do? Operate at a loss? Most companies don't intentionally set out to lose money.
Up until 2-1/2 years ago, I lived in a rural area 13 miles from the closest gas station. I only had 5 Mbps, and was lucky to have that. It was actually quite livable. I could easily stream a Netflix show while doing other things. I even did a little bit of telecommuting (chip design) over a VPN, using tools like SOC Encounter (very graphics based). Not ideal, but livable.
So, double that? Yeah, enough to support 2 or 3 streaming movies at the same time. More is always better, but 10 Mbps is definitely nothing to complain about. Yeah, if you are downloading a 10 GB video game, it might take more than 1/2 hour.
Public-key cryptography depends on problems which are believed to be hard to solve, but it could be that there is a solution which simply hasn't been discovered yet.
And if it becomes possible to crack ECC or RSA keys economically, somebody getting your e-mails off of your phones is the least of society's problems. All economic transactions become practically impossible on the Internet.
At some point, you have to trust the algorithms, because you ARE ALREADY TRUSTING THE ALGORITHMS TODAY. Even if YOU don't trust them, your bank does. The stock market does.
In short, if ECC and/or RSA falls, all of society as we know it is screwed.
You act as if CAs have never had keys compromised, or abused their position of trust to issue false certificates (under duress or otherwise). Some organizations which have had exactly these problems are still around and allowed to issue keys trusted by all the major browsers. If anything, the CA system illustrates exactly why key escrow is a horrible idea.
You act as if all encryption is suddenly broken and not used anymore because it is useless. Hmmm. As I type this, I see "https" at the top of the URL bar. You do know that "certificate revocation" is a thing, right? Yes, some false certificates were issued. Do experts suddenly recommend that encrypted web traffic is a bad idea based on that information?
Keep in mind that phones are devices that have their firmware in flash memory, not masked ROM. The firmware can be updated. New certificates can be loaded.
To summarize, encryption can be applied to phones, the same techniques which are already being used billions of times a day to protect web traffic. I fail to see how a solution that works well enough for everything else can suddenly become horrible when applied to a device that an attacker needs physical access to in order to compromise.
The private key is encrypted with a trusted party's public key. That is how encryption works. Play with the MBED-TLS library for a while to get a feel of things.
I, for one, want a world where law enforcement can put criminals away -- even if the criminals use encryption. I don't want to "destroy security." Security involves keeping the bad guys away from your data. If you define the police as "bad guys" then that is a matter of semantics.
As far as who keeps the keys, as I said, certificate organizations manage to run their entire business around keeping their private key private. Every organization that has an "https" web page has a private key that they somehow manage. You act as if this type of thing has never happened before. A state-sponsored cracker could also wreck economies if they could somehow get into banks, the stock market, etc. How is this any different, except that there are not billions of dollars at stake?
First, your scheme requires the ability to export the private key from the device (even if it is encrypted). This is poor security practice.
Why? If RSA and/or ECC are really "uncrackable", and are mathematically proven so, I fail to see the problem.
generate and store the private key in a tamper-resistant secure chip
Absolutely true. However, it has to be tamper-resistant because this chip stores PLAIN-TEXT KEYS. If the keys are stored encrypted, then the key encryption key has to be stored in plain-text. These chips often have limited memory, so you can off-load secrets from the crypto chip into the host, but this key is encrypted using a chip-specific key. What you call "poor security practice" is baked into the TPM spec.
Second, why should the manufacturer have the ability to decrypt the user's data?
OK. You have a point here. However, if you accept the postulate that somebody with a warrant signed by a judge has the right to break into your stuff, then you have to trust SOMEBODY. Maybe not the manufacturer, but a private company with a staff of lawyers to protect the rights of the customers.
On the other hand, if you don't accept that postulate, then you probably trust nobody. I, for one, would like to help law enforcement if possible, provided that they can get a warrant. I would not trust them with the keys, but would be OK with having somebody else decrypt my info as long as my legal rights are respected.
Fourth, the manufacturer's private key will eventually leak.
Hmmm. There are several companies that make a living issuing certificates that have managed to keep their private keys secret. There is already an ecosystem around this problem. Why would this one use case be any different?
Fifth, the manufacturer cannot be trusted to represent the owner's interests by requiring a legally-sound warrant before exercising their backdoor
This is closely related to your second point. However, I could imagine that not protecting the customer's privacy would result in some backlash against the company, as it should be. Transparency would be the problem here. Once again, maybe have a trusted 3rd party be the key holder. Maybe some organization like the EFF could be the key-holder and charge the police $1,000 to decrypt the data.
bandwidth requirements that are beyond the ability of content providers to distribute
Not only do you need more bandwidth to appreciate 8K, you also need upgraded retinas. Maybe each 8K TV should come with a magnifying glass so that you can see the difference between 4K and 8K.
Crap. The story just keeps getting worse.
Still, it remains to be seen if the taxes collected will just be by state, or if it will include counties and cities.
It might not come this year, but I am 99% certain that this tax loophole will be closed in the next decade.
Wait. When did laser printers start using a print head?
Yeah, we have it. I even have a couple of FM tuners that pick it up. I have never seen a digital AM radio in the wild.
https://en.wikipedia.org/wiki/...
Here is a tuner that you can likely pick up in a store today:
https://www.bestbuy.com/site/i...
However, there is not enough compelling reason to invest in HD radio in the US, at least from my experience.
Do they use the same patent-laden system as here in the US, or is there a chance to use an open decoder?
tl;dr: Even the biggest, baddest, most secure cryptographic algorithms are not powerful enough to protect my stash of porn.
You missed a couple of things...
Seriously, why is this an issue?
Public/private key cryptography has been proven secure. HTTPS is based on it, and it is strong enough for me to do banking on-line.
For cases like the police needing to get into an iPhone, all that needs to be done is to take the phone secret (say, an AES key or the phone unlock code) and encrypt it using Apple's public key, and this encrypted secret could be made public (or presented over the USB port). Nobody can do anything with it, except the people who hold the private key (the manufacturer).
Law enforcement can turn over a warrant and the manufacturer can decrypt the secret key, and turn it back over to law enforcement. The government still needs to present a warrant, it is secure, and everybody should be happy.
Have I missed something?
They used to be called "pundits." Now they are called "journalists."
I really hate the media these days. I am not a huge fan of Trump, but I see that the media does not give him a fair shake. Every media outlet has an agenda, whether it is to praise Trump, or (mostly) vilify every single thing that he does. Both sides promote some stories while ignoring others, and ignore the facts that ruin their narrative.
I have seen a great double-standard where Democrats get away with things, but when a Republican does the same thing, they are crucified.
Where does one go for truly unbiased coverage?
According to Tom's Hardware, out of the three announced AMD laptops, two of them are going to use single-channel memory. Yeah, that will make AMD look good.
http://www.tomshardware.com/ne...
Thanks. I have never heard of them before, but it looks VERY interesting. I appreciate the information.
I am trying to re-watch all of the old Doctor Who serials. In fact, I have not seen any between Peter Davison and Paul McGann. I would stream them if I could do so legally, but Netflix DVD is the only choice.
One thing that you forget. Robots churn out a lot of products at a low cost. If everybody is poor and can't afford those goods, the robots are churning out products for nobody, and the robot owners make no money.
America has a fairly low unemployment rate. I guess that steel, the steam engine, the electric motor, and computers have so far failed to put everybody out of work.
Should we go back to hand-crafting a computer with skilled artisans hand-painting transistors, wielding a chunk of silicon and paintbrushes with arsenic and boron, just like our forefathers made computers 200 years ago?
Git works by hashing the data. Hashing data works great for both text and data.
Yes, hashing a large file takes longer, but you do it as it is uploaded, and the impact is minimal.
"Git" seems to have solved the deduping problem rather well.