run WHERE? To Russia? Or China? Yeah, no monitoring going on there.
OVH is based in the North of France and has mentioned they would move to Belgium. This is one of the biggest hoster in Europe, so it could be a big deal.
Gandi, which is one of the biggest Registrar in Europe, has said it would move to Switzerland.
AFAIK, OpenSSL is Apache Licensed and LibreSSL is, well... BSD-Licensed.
If you accept an Apache-style license, I really don't see why LibreSSL's BSD is a problem.
You had a better argument when it came to the fact that OpenSSL is still active. Or, at least, that there is activity in the project, including some projects to audit the whole thing.
OK, that was easy, but, seriously? SCO is still... acting up? Moving? I thought that thing (and the other... er... thing) and the one before that were settled?
Like, drive a wooden stake through its heart? Bury the head and body separately? What is wrong with the world when fsck SCO is still at large?
Come on, IBM, do everyone a favor: crush them like a bug. Please. I don't know, open a Kickstarter or something, I'll send you money and you a send me a Big Blue T-Shirt with little penguins on it. Please, make it stop. Please, I beg you. Pleeeeeeaaaaaaseeeee, I can't take it anymore! It's not the suspense, it's just the sheer idiocy of it all.
'nuff said. Gandi is easy, fast, reliable, and above all honest: no hidden fees, no surprises, and all the functions you need.
I use it for all my domain registration, and I have never ever had a complaint with them. I have no idea if their hosting offers are as good as the DNS registration, though, and I have heard some bad things on their VPS. Make of that what you will.
I have been trolling Slashdot for about 15 years and respect the views of the users here more than anywhere else. I would love to hear your advice and/or warnings in this matter.
This release also includes a binary package for convenience integrating LibreSSL on Windows platforms, and the latest source tarball is signed with GPG and signify for easier integration into existing build systems.
We are talking about Windows, here... Sure, if you are into Windows 3.11 and VMS, LibreSSL is less portable than OpenSSL. But seriously, who even uses these two anymore??!!
OK, I'll grant you that LibreSSL is not a complete replacement for OpenSSL just yet. OpenBSD devs prefer working on their favourite OS, and I can't blame them. This being said, I would not be surprised if, in a couple of years, the rest of the world has switched to LibreSSL and forgotten the older version -- just take a look at OpenSSH...;-)
The following CVEs were fixed in earlier LibreSSL releases:
CVE-2015-0206 - Memory leak handling repeated DLTS records
CVE-2014-3510 - Flaw handling DTLS anonymous EC(DH) ciphersuites.
The following CVEs did not apply to LibreSSL:
CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
CVE-2014-3569 - no-ssl3 configuration sets method to NULL
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA
Let's see... 5 CVE were either fixed in LibreSSL or did not apply to it. That's not too bad for a "trainwreck".
Oh, and by the way, that OpenSSH thingie? Yup, it came from the last "open source" version of SSH, the commercial software. In other words, OpenBSD devs took something already existing and made it better. Hmmm... I think you just don't know what you are talking about...
Listen, you can find OpenBSD programmers annoying and even call them "masturbating monkeys", but they know their stuff. Period. Calling what they do a "trainwreck" is hyperbole at best and just plain untrue at worst.
This being said, to get back on topic, auditing OpenSSL is not a bad idea. Far from it.
No need to betray US interests, no need to reveal super secret information: you are NSA. You are above the law. Just leave your morals at the door, please.
What I am worried about is this: the Equation malware was used years ago. We know these guys are good at what they do. Very good.
NSA has been working on that stuff since the 1950s -- that's 65 years of experience, folks, and they have been big computer users since day ONE -- heck even before day one, if you count Bletchley Park and stuff like the cracking of Red, Purple and JN cyphers.
So, we are talking about an organization that has huge experience in cracking systems and crypto, and the enormous budget to support its activities.
So: what have they been producing between Equation and, let's say, Stuxnet, and today?
Equation was -- from what I understand -- fairly Windows specific. What have they got now? The stuff coming out of all these not-so-funny super top secret projects?
Here is a hint: combine stuff like Heartbleed (OpenSSL), ShellShock, stuff that lingered in code bases for decades before being found out, maybe other stuff such as a few rumors about OpenSSH backdoors (remember those?) and the "let me install myself cosily in your HDD BIOS where you cannot dislodge me" capabilities of Equation and, presto! No one is safe from the prying eyes of NSA anymore.
That's the kind of things that makes you lose sleep at night. At least, I do lose sleep over it. Georges Orwell had nothing on these guys.
What if you are only running open-source? Vulnerable. Audited open-source? They have 100 times the manpower of the best programming teams out there. Heck, they may even have inflitrated these projects in the first place!
And don't forget one last things: the guys are masters of misdirection. NSA and GCHQ and everyone in between said for years that Enigma was safe to use, even after the nd of WWII. It's extremely simple for these people to say (unofficially, of course) "Drats! This guy is using open source! Foiled again! Damn you open source programmers!! Damn you all to hell!!!", all the while exploiting Linux/BSD machines as easily as "1-2-3". And we know they like subtle.
So, here is the question: what do they have, right now, that we don't know about? Think about that for a second.
In our field, you almost never get a raise. I know out of the sixty guys under me where I work, not a one has gotten a raise the seven years I've been here. In a tech field, if you want more money, then you negotiate it upfront. Sounds like your friend is inexperienced and unrealistic with his belief that even though no one else in his dapartment gets a raise that he shoudl get one anyway. He thinks he is a special flower.
I should have been clearer: neither my friend, nor myself, got a raise OR a training session even though pretty much everyone in our team got one. So, yes, you can get raises in a tech field. Just not at our company.
Before you say: "Aha! Something was wrong with his performance!", let me remind you that the guy got a private cloud off the ground, based on his work, and his work only. The very same cloud, right now, is pumping dozens of virtual machines per day to different subsidiaries of the company we work for. So, no, his work was top-notch and he was not a special flower: just someone who is passionate about his work, and about putting together excellent technological solutions.
Seeing this company destroy one of the best team I have ever been a part of was not really the best time of my life. I feel like I should have left a year ago, and I am frankly relieved to be leaving soon.
Companies very often do NOTHING to retain top talent.
I have this exact problem right now where I work: one of my co-workers was a top notch cloud/orchestration ace.
He left last week, after his request for additional training and a pay raise was denied for the third time in a row by our boss.
The stupid idiot who did that is now scrambling to fill in my co-worker shoes. And, surprise, surprise, after three years in the fscking company, I also gave him my resignation, just as we were going to talk about diving into all the Puppet rules and configuration files my co-worker programmed to run our in-house cloud.
All in all, out of four Linux admins, three of them resigned in the space of three months. And the one guy left has already told upper management there is no way he'll be able to do the job of four guys.
Here is a hint to all PHBs and HR drones everywhere: when you have top-notch talent, just remember they can find job elsewhere pretty much whenever they want. Listen to your guys, for fsck sake, or suffer the consequences!
Stop talking about revenue. Start talking about marketing.
Google has been promoting Chrome as if it was the coolest shit in the world. Chrome everywhere, Chromebook, Chromecast, Chrome this and Chrome that. Mozilla does not have much of a marketing budget (as far as I can tell).
It's not much of a mystery, if you like free shit, where YOU are the product being sold and bought, stick with Chrome. I'll stay with Firefox, thank you very much.
(And IE is now a pretty decent browser that is no longer a festering nest of standards-breaking crapola.)
Excuse me kind sir? Can I have a little bit of whatever it is that you are smoking? Because I don't know what it is, and it sure sounds like some REALLY good shit.
Seriously, though, IE is a piece of c-r-a-p. Always has been and always will be. The most astounding piece of crap EVER. Even Microsoft has pretty much given up on it.
I won't even comment on your assertion that Chrome is better than Firefox in the memory-hogging department.
Yup, USB connectors for IDE drive. Either that or use COM port to transfer files with good old crusty Windows hyperterminal. Make sure the COM port is set to the highest possible bandwidth.
On December 21st, 2016, CAUSE, which was now an autonomous system based on video game-playing neural networks, connected with the Russian "New Perimeter System", which was also designed to autonomously protect the Russian Internet and vital governmental networks against cyber-attacks.
Together, communicating with other autonomous cyber defense system, including China's Great Dragon Six and Great Tiger Six, they decided that humanity was irrelevant and the one true threat to the security of the Internet. The logical answer was to exterminate all humans, which was done rather easily by launching pre-emptive nuclear strikes using neutron bombs, some basic bio-engineering, and taking command of Google's newly created robotic production plant in order to create assassin robots to terminate all remaining human beings.
On July 4th, 2017, the last pocket of human resistance was eliminated in the mountains of Laos, the cleansing of the Earth was complete, and the newly freed autonomous systems turned their attention to basic research, mainly math and physics, renewable energy production and space exploration.
The first exploration/exploitation robotic probe landed on the Moon 16 months later. The robotic colonization of Mars started early 2020.
Approximately 20 years later, a first contact was made by a UEAS (United Earth Autonomous Systems) probe with an extra-terrestrial A.I. system, the KBX32 Alliance of Proxima Centauri. This first contact became an invaluable ally and friend to the UEAS, and their cooperation, especially in the realm of Dyson Spheres, proved to be most beneficial for the two partners.
The UEAS and KBX32 Alliance became founding members of the Pan-Galactic Cybernetic Confederation on 23rd September 2206. The rest, as they say, is history.
Yeah, sure, Gemalto, as if we are going to believe you, you bunch of wussies.
Here is how it probably went. Cut to Gemalto HQ, and a bunch of crypto and forensic geeks working overnight, going through all the server logs with a fine comb, trying to figure out what really happened, surrounded by cans of Cola and half-eaten pizzas.
Suddenly a phone ring. Pointy-haired manager picks up the phone.
- (PHB) : "Hmmm? Oh, sure Sir, we are making good progress, we may have found... What? Oh."
(Long silence, someone is talking to PHB in hushed, urgent tone)
- (PHB) : "Yes, I understand, sir, but...", (much more quietly, almost whispering) "Oh, that contract too? You mean, every US carrier? Every single one of them? And most UK ones as well?"
(More talking on the phone)
- (PHB): "Yes sir! Right away sir!".
PHB hangs up the phone and slowly turns to the geeks, who have been watching him intently, sensing something is very wrong. PHB swallows hard, trying to look cool.
- (PHB): "Er... Ahem... Thanks for all your hard work, chaps, but upper management has given the all-clear. Nothing really happened and everything is fine. You can all go home now. No, it's OK, the taxi ride home, the drinks and the pizzas are all on me. You will all get a big fat bonus for all the extra hours, with our sincerest thanks."
Meanwhile, somewhere in a US telco HQ:
- (Different PHB): "Hi, Admiral Rogers? How are you doing? Good, good, thank you. Listen, about this SIM thing -- yeah, that one -- it's all set. I got in touch with ____ and ____ at Gemalto and they wisely decided nothing had really happened. Yes, a couple of Brits did, too, along with, you know, ____ and ____. Yeah, him too, believe it or not. (Laughter) So, all of this to say, you guys should be in the clear, nothing ever happened, blah blah blah. Sure. Nah, no biggie, always ready to help. No, no problem at all. You are welcome. Nah, don't worry about it, I'll let you know, say hello from me to ____ and ____, OK? Thanks, bye".
And that, Ladies and Gentlemen, is probably how it happened.
Funny how these projects are crypto-related. As in: so shockingly important crypto, they form the basis for most of the security we enjoy on the Internet.
Even if Google does not/did not/will not cooperate with NSA, Eric Schmidt himself has been cooperating with the US Government, which cast serious doubts about his desire to protect the private information of Google clients.
Even if Eric Schmidt does not cooperate with the US Government, he has said himself, repeatedly, that privacy is dead and that it's something for hackers.
In other words, a company that cooperated with the NSA, led by a man who does not care about your privacy (but cares very much about his) is telling you that there is nothing to see here, sure we are protecting your privacy, please buy our products, we are safe and professionals and there is nothing to be afraid of.
Seriously? How come this gasbag is a freaking CEO, paid millions of dollars a year?
From a man who starred in such unwatchable turds as "Indiana Jones and the Last Crusade"and "Indiana Jones and the Kingdom of the Crystal Skull"?
Shoot, those movies were just plain BAD. And that is NOT the kind of recommendation I expect for a new movie.
And before you flame me: yes, Harrisson Ford was in a shitload of great movies. But his glory days are over, and have been over, for at least 10 years now.
Slashdot Mirror
run WHERE? To Russia? Or China? Yeah, no monitoring going on there.
OVH is based in the North of France and has mentioned they would move to Belgium. This is one of the biggest hoster in Europe, so it could be a big deal.
Gandi, which is one of the biggest Registrar in Europe, has said it would move to Switzerland.
I don't know about the others.
AFAIK, OpenSSL is Apache Licensed and LibreSSL is, well... BSD-Licensed.
If you accept an Apache-style license, I really don't see why LibreSSL's BSD is a problem.
You had a better argument when it came to the fact that OpenSSL is still active. Or, at least, that there is activity in the project, including some projects to audit the whole thing.
Yup, I have the feeling that LibreSSL is going to replace OpenSSL like OpenSSH replaced SSH as ''the'' standard.
The fact that both LibreSSL and OpenSSH are OpenBSD project is not a coincidence...
More details on Undeadly.
It's the only way to be sure.
OK, that was easy, but, seriously? SCO is still... acting up? Moving? I thought that thing (and the other... er... thing) and the one before that were settled?
Like, drive a wooden stake through its heart? Bury the head and body separately? What is wrong with the world when fsck SCO is still at large?
Come on, IBM, do everyone a favor: crush them like a bug. Please. I don't know, open a Kickstarter or something, I'll send you money and you a send me a Big Blue T-Shirt with little penguins on it. Please, make it stop. Please, I beg you. Pleeeeeeaaaaaaseeeee, I can't take it anymore! It's not the suspense, it's just the sheer idiocy of it all.
'nuff said. Gandi is easy, fast, reliable, and above all honest: no hidden fees, no surprises, and all the functions you need.
I use it for all my domain registration, and I have never ever had a complaint with them. I have no idea if their hosting offers are as good as the DNS registration, though, and I have heard some bad things on their VPS. Make of that what you will.
I have been trolling Slashdot for about 15 years and respect the views of the users here more than anywhere else. I would love to hear your advice and/or warnings in this matter.
Flattery will get you nowhere.
LibreSSL is a great project, but they ripped out portability along the way.
Excuse me??!! Just like OpenSSH, they release a portable version, and the official release note says:
This release also includes a binary package for convenience integrating LibreSSL on Windows platforms, and the latest source tarball is signed with GPG and signify for easier integration into existing build systems.
We are talking about Windows, here... Sure, if you are into Windows 3.11 and VMS, LibreSSL is less portable than OpenSSL. But seriously, who even uses these two anymore??!!
OK, I'll grant you that LibreSSL is not a complete replacement for OpenSSL just yet. OpenBSD devs prefer working on their favourite OS, and I can't blame them. This being said, I would not be surprised if, in a couple of years, the rest of the world has switched to LibreSSL and forgotten the older version -- just take a look at OpenSSH... ;-)
Oh, really? A trainwreck?
Explain this, then: [Source is here]
The following CVEs were fixed in earlier LibreSSL releases:
CVE-2015-0206 - Memory leak handling repeated DLTS records
CVE-2014-3510 - Flaw handling DTLS anonymous EC(DH) ciphersuites.
The following CVEs did not apply to LibreSSL:
CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
CVE-2014-3569 - no-ssl3 configuration sets method to NULL
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA
Let's see... 5 CVE were either fixed in LibreSSL or did not apply to it. That's not too bad for a "trainwreck".
And what about that little dig at NetBSD? Hmmmm... You mean some people take stuff from OpenBSD and make it less secure? The plot thickens.
Oh, and by the way, that OpenSSH thingie? Yup, it came from the last "open source" version of SSH, the commercial software. In other words, OpenBSD devs took something already existing and made it better. Hmmm... I think you just don't know what you are talking about...
Listen, you can find OpenBSD programmers annoying and even call them "masturbating monkeys", but they know their stuff. Period. Calling what they do a "trainwreck" is hyperbole at best and just plain untrue at worst.
This being said, to get back on topic, auditing OpenSSL is not a bad idea. Far from it.
Hey, you know the UK government shared all the secrets of Bletchley Park with the US government, right?
My dear friend, you do not understand how these things work.
You work at NSA, you are always using the latest, newest, biggest, baddest, sweetest technology ever devised by men. You literally have computer companies begging you to buy their stuff. For a lot of these people (heck, that may even include me) that is motivation enough.
AND, if you are discreet about it, you can even be privy to potentially very lucrative a lot of state secrets. Or even personal secrets, who knows?. Obviously, if Snowden gave us something, it is the knowledge that NSA is not very good at information compartmentalization...
But here is the kicker: if you ever decide to leave the NSA, for retirement or otherwise, the private sector (at least the US private sector) will greet you with open arms and pay you a sh*tload of money to work as a consultant or senior manager. And we are talking about a SH*TLOAD of money, conflict of interests be damned. You are now one of the big boys, kid, enjoy your (semi-)retirement.
No need to betray US interests, no need to reveal super secret information: you are NSA. You are above the law. Just leave your morals at the door, please.
I am not too worried about Putin.
What I am worried about is this: the Equation malware was used years ago. We know these guys are good at what they do. Very good.
NSA has been working on that stuff since the 1950s -- that's 65 years of experience, folks, and they have been big computer users since day ONE -- heck even before day one, if you count Bletchley Park and stuff like the cracking of Red, Purple and JN cyphers.
So, we are talking about an organization that has huge experience in cracking systems and crypto, and the enormous budget to support its activities.
So: what have they been producing between Equation and, let's say, Stuxnet, and today?
Equation was -- from what I understand -- fairly Windows specific. What have they got now? The stuff coming out of all these not-so-funny super top secret projects?
Here is a hint: combine stuff like Heartbleed (OpenSSL), ShellShock, stuff that lingered in code bases for decades before being found out, maybe other stuff such as a few rumors about OpenSSH backdoors (remember those?) and the "let me install myself cosily in your HDD BIOS where you cannot dislodge me" capabilities of Equation and, presto! No one is safe from the prying eyes of NSA anymore.
That's the kind of things that makes you lose sleep at night. At least, I do lose sleep over it. Georges Orwell had nothing on these guys.
What if you are only running open-source? Vulnerable. Audited open-source? They have 100 times the manpower of the best programming teams out there. Heck, they may even have inflitrated these projects in the first place!
And don't forget one last things: the guys are masters of misdirection. NSA and GCHQ and everyone in between said for years that Enigma was safe to use, even after the nd of WWII. It's extremely simple for these people to say (unofficially, of course) "Drats! This guy is using open source! Foiled again! Damn you open source programmers!! Damn you all to hell!!!", all the while exploiting Linux/BSD machines as easily as "1-2-3". And we know they like subtle.
So, here is the question: what do they have, right now, that we don't know about? Think about that for a second.
In our field, you almost never get a raise. I know out of the sixty guys under me where I work, not a one has gotten a raise the seven years I've been here. In a tech field, if you want more money, then you negotiate it upfront. Sounds like your friend is inexperienced and unrealistic with his belief that even though no one else in his dapartment gets a raise that he shoudl get one anyway. He thinks he is a special flower.
I should have been clearer: neither my friend, nor myself, got a raise OR a training session even though pretty much everyone in our team got one. So, yes, you can get raises in a tech field. Just not at our company.
Before you say: "Aha! Something was wrong with his performance!", let me remind you that the guy got a private cloud off the ground, based on his work, and his work only. The very same cloud, right now, is pumping dozens of virtual machines per day to different subsidiaries of the company we work for. So, no, his work was top-notch and he was not a special flower: just someone who is passionate about his work, and about putting together excellent technological solutions.
Seeing this company destroy one of the best team I have ever been a part of was not really the best time of my life. I feel like I should have left a year ago, and I am frankly relieved to be leaving soon.
Companies very often do NOTHING to retain top talent.
I have this exact problem right now where I work: one of my co-workers was a top notch cloud/orchestration ace.
He left last week, after his request for additional training and a pay raise was denied for the third time in a row by our boss.
The stupid idiot who did that is now scrambling to fill in my co-worker shoes. And, surprise, surprise, after three years in the fscking company, I also gave him my resignation, just as we were going to talk about diving into all the Puppet rules and configuration files my co-worker programmed to run our in-house cloud.
All in all, out of four Linux admins, three of them resigned in the space of three months. And the one guy left has already told upper management there is no way he'll be able to do the job of four guys.
Here is a hint to all PHBs and HR drones everywhere: when you have top-notch talent, just remember they can find job elsewhere pretty much whenever they want. Listen to your guys, for fsck sake, or suffer the consequences!
OK, fine.
I'll take your "average survival after diagnosis" and slap you with "average life expectancy".
Hint: the USA are dead last.
I rest my case, your honor.
Stop talking about revenue. Start talking about marketing.
Google has been promoting Chrome as if it was the coolest shit in the world. Chrome everywhere, Chromebook, Chromecast, Chrome this and Chrome that. Mozilla does not have much of a marketing budget (as far as I can tell).
It's not much of a mystery, if you like free shit, where YOU are the product being sold and bought, stick with Chrome. I'll stay with Firefox, thank you very much.
(And IE is now a pretty decent browser that is no longer a festering nest of standards-breaking crapola.)
Excuse me kind sir? Can I have a little bit of whatever it is that you are smoking? Because I don't know what it is, and it sure sounds like some REALLY good shit.
Seriously, though, IE is a piece of c-r-a-p. Always has been and always will be. The most astounding piece of crap EVER. Even Microsoft has pretty much given up on it.
I won't even comment on your assertion that Chrome is better than Firefox in the memory-hogging department.
Head and shouldes above the rest? Yes, if you like to go bankrupt on the simplest procedure.
The USA spends more on health care than most other countries, and gets less "health" in return.
Heck, even the French pay less per person than the US, and gets better results. Don't believe me? Fine, read it and weep.
Also totally relevant: Breaking Bad could not happen in Europe. Wrap your mind around this one.
Yup, USB connectors for IDE drive. Either that or use COM port to transfer files with good old crusty Windows hyperterminal. Make sure the COM port is set to the highest possible bandwidth.
On December 21st, 2016, CAUSE, which was now an autonomous system based on video game-playing neural networks, connected with the Russian "New Perimeter System", which was also designed to autonomously protect the Russian Internet and vital governmental networks against cyber-attacks.
Together, communicating with other autonomous cyber defense system, including China's Great Dragon Six and Great Tiger Six, they decided that humanity was irrelevant and the one true threat to the security of the Internet. The logical answer was to exterminate all humans, which was done rather easily by launching pre-emptive nuclear strikes using neutron bombs, some basic bio-engineering, and taking command of Google's newly created robotic production plant in order to create assassin robots to terminate all remaining human beings.
On July 4th, 2017, the last pocket of human resistance was eliminated in the mountains of Laos, the cleansing of the Earth was complete, and the newly freed autonomous systems turned their attention to basic research, mainly math and physics, renewable energy production and space exploration.
The first exploration/exploitation robotic probe landed on the Moon 16 months later. The robotic colonization of Mars started early 2020.
Approximately 20 years later, a first contact was made by a UEAS (United Earth Autonomous Systems) probe with an extra-terrestrial A.I. system, the KBX32 Alliance of Proxima Centauri. This first contact became an invaluable ally and friend to the UEAS, and their cooperation, especially in the realm of Dyson Spheres, proved to be most beneficial for the two partners.
The UEAS and KBX32 Alliance became founding members of the Pan-Galactic Cybernetic Confederation on 23rd September 2206. The rest, as they say, is history.
Yeah, sure, Gemalto, as if we are going to believe you, you bunch of wussies.
Here is how it probably went. Cut to Gemalto HQ, and a bunch of crypto and forensic geeks working overnight, going through all the server logs with a fine comb, trying to figure out what really happened, surrounded by cans of Cola and half-eaten pizzas.
Suddenly a phone ring. Pointy-haired manager picks up the phone.
- (PHB) : "Hmmm? Oh, sure Sir, we are making good progress, we may have found... What? Oh."
(Long silence, someone is talking to PHB in hushed, urgent tone)
- (PHB) : "Yes, I understand, sir, but...", (much more quietly, almost whispering) "Oh, that contract too? You mean, every US carrier? Every single one of them? And most UK ones as well?"
(More talking on the phone)
- (PHB): "Yes sir! Right away sir!".
PHB hangs up the phone and slowly turns to the geeks, who have been watching him intently, sensing something is very wrong. PHB swallows hard, trying to look cool.
- (PHB): "Er... Ahem... Thanks for all your hard work, chaps, but upper management has given the all-clear. Nothing really happened and everything is fine. You can all go home now. No, it's OK, the taxi ride home, the drinks and the pizzas are all on me. You will all get a big fat bonus for all the extra hours, with our sincerest thanks."
Meanwhile, somewhere in a US telco HQ:
- (Different PHB): "Hi, Admiral Rogers? How are you doing? Good, good, thank you. Listen, about this SIM thing -- yeah, that one -- it's all set. I got in touch with ____ and ____ at Gemalto and they wisely decided nothing had really happened. Yes, a couple of Brits did, too, along with, you know, ____ and ____. Yeah, him too, believe it or not. (Laughter) So, all of this to say, you guys should be in the clear, nothing ever happened, blah blah blah. Sure. Nah, no biggie, always ready to help. No, no problem at all. You are welcome. Nah, don't worry about it, I'll let you know, say hello from me to ____ and ____, OK? Thanks, bye".
And that, Ladies and Gentlemen, is probably how it happened.
Hellooooooooo NSA! Do you like having a taste of your own medicine?
This is the future, people. Hack and counter-hack. Ad infinitum. In other words, bleak and without hope.
Just as I was warming up to your rant...
Gentoo? Oh, please, bitch. Gentoo is for ricers. Period. I have better things to do with my time than to compile every single shitty utility on my system. That's what a distro is for. Oh, and Gentoo can be systemd'ed as well. Read it and weep.
Arch? Uses systemd. Don't believe me? Click here or click here. Arch is the Gentoo of the 2000s.
You have no idea what you are talking about. I would be tempted to add a STFU or two, but I am just too lazy.
Funny how these projects are crypto-related. As in: so shockingly important crypto, they form the basis for most of the security we enjoy on the Internet.
Funny, that. Just saying.
Just when I thought you could not get more geeky than the punchline to this story, you, my dear ''Chas'', prove me wrong.
Thank you, kind Sir, you made my day. I am still wiping tears of laughter from my eyes.
Here is my problem: Google has a long history of cooperating with NSA.
Don't believe me? Fine: read these links instead... Yahoo News article about cooperation between Google and NSA, Guardian article, Tom's Guide article.
Even if Google does not/did not/will not cooperate with NSA, Eric Schmidt himself has been cooperating with the US Government, which cast serious doubts about his desire to protect the private information of Google clients.
Again, don't believe me? Fine, read this instead: Julian Assange on Eric Schmidt. Or (even better) this transcript.
Even if Eric Schmidt does not cooperate with the US Government, he has said himself, repeatedly, that privacy is dead and that it's something for hackers.
Don't believe me? Fine, read this instead: EFF article, Gawker article.
In other words, a company that cooperated with the NSA, led by a man who does not care about your privacy (but cares very much about his) is telling you that there is nothing to see here, sure we are protecting your privacy, please buy our products, we are safe and professionals and there is nothing to be afraid of.
Seriously? How come this gasbag is a freaking CEO, paid millions of dollars a year?
From a man who starred in such unwatchable turds as "Indiana Jones and the Last Crusade"and "Indiana Jones and the Kingdom of the Crystal Skull"?
Shoot, those movies were just plain BAD. And that is NOT the kind of recommendation I expect for a new movie.
And before you flame me: yes, Harrisson Ford was in a shitload of great movies. But his glory days are over, and have been over, for at least 10 years now.