You can't just say "assume decent quality public/private key crypto such that a crypto crack is not an option". We're not talking about breaking the encryption on something that Bruce Schneier designed. See the article for the level of coder we're talking about. Attacking the encryption would be my starting point for all of these. If it can decrypt the incoming messages, chances are there's a flaw I can find that will lead me to that key.
I drive I-45 just North of Houston and regularly see the things being driven north towards Dallas. I've never looked into where they're coming from or going, but I see them on a regular weekly basis.
If there was only one browser, they would only check in their own browser, and assume it would look fine for everyone else. Which is definitely not the case.
Honestly, it hasn't been that long since that really was the case for 90%+ of web developers.
Yes I mean sucrose, that's why I said 'sugar' and not 'sugars'.:P
And of course it isn't true, it was a comment not a declaration of absolute fact. Mostly because I regularly order Dublin Dr Pepper, anyone that likes Dr Pepper owes it to themselves to try some. Original recipe Dr Pepper made with, you guessed it sugar (well, sucrose but it says sugar in the ingredients because that's what most people call sugar:P).
I get what you're saying now, but that's not what I thought you were implying from the beginning. You said:
NOONE gets the password this way
I was answering that portion, yes in the context of the virus there would be no way for it to get the original password used to do the encrypting. I was only speaking about the checking of the password for decryption, forest for the trees and all that.
You clearly didn't get it, go back and read again, the big hint comes here:
Store an md5 hash of the password...
You see how the extortionist already had the password and used it to to get the md5 hash? Actually that is some plan, and also how most username/password schemes work. No need to keep the password around and no way to get the password from the hash (recently discovered collisons aside).
Store an md5 hash of the password, then hash the input and compare it to the stored hash. No visible password or easy method to reverse the hash to get the password.
That's because Google is talking about making a separate internet, one that they bought and paid for.
The companies you are referring to are trying to take Our internet and turn it into a different one.
Google's separate internet leaves you free to choose something else. The same won't be true if the current one is wrecked.
Instead of the capsules full of koolaid, just drop in a couple of butterscotch hard candies. Victim wonders where the smell of butterscotch is coming from and gets out of the shower very sticky.:)
Hmm... how many of those are features of the protocol, as opposed to features of one or more of the main server implementations?
I don't think anyone has just added anything to their server implementation, most added "things" are specified in a JEP somewhere.
In addition to the matter of storage (which they're probably not that bothered about) there's the issue that they must then store and forward messages.
That's part of the protocol, should just be an implementation detail of where to store the users "spool", as XML or in a database.
I agree with the rest, I'm sure most missed features will come along after Beta (or during). If it had been me I wouldn't have rolled out s2s yet either.
I would be extremely surprised at this point if the speculated IM client wasn't browser-based (no, I won't use that useless, made up, psuedo-acronym). They've just got at least a couple of teams that are so good at it. They've got most of the cross-browser problems solved, though I am still surprised how much stuff they have that's Windows only.
And I'm also speculating about a client that is pure speculation sooo, take that big block of salt over there with you when you leave.
Doubt it, script kiddies are just that, kiddies running scripts that someone else wrote. The info in this book would go right over the heads 99.99999% of the script kiddies on the planet.
Then you find out he's got a safe deposit box that he accessed yesterday. So, the bank's got a key, and he's got a key. Getting a court order that says he's got to give up access to that box (or that the bank says he has to) isn't really any different than gaining access to any other secured information or storage. Dumping his phone logs, for example. Or listening to his voicemail.
Now that I'm OK with, you've gone and got some checks and balances involved. You found a place you suspected had evidence tied to a crime, got a judge to agree with your suspicions, and executed a court order.
What I read in TFA is that the police want to make it a crime for you to refuse to turn over your keys. No mention of court order or judge, they say gimme and you're in trouble if you don't.
I don't want to be blown up, I don't want my parents or children being blown up, but I don't see them as much worse than living somewhere that the police say "Show me all your stuff and give me all your secrets." and I'm a criminal if I say no. I just won't give up my freedoms for a sense of security....now where's that B. Franklin quote...
With all the replies you already have I doubt you'll see this one. I've seen your sig lots of times and enjoyed it, I've even pointed it out to my spouse FWIW.
Incidentally, what would you have the cops do while they're sitting there looking at the head of a guy who knows something that they would like to know? You know he knows it, but he won't tell, how about we just beat and torture him until he talks. Locked away in your brain isn't so far removed from locked away on your harddrive. Getting to both requires destroying your civil liberties that someone died to make sure you have.
Don't let your civil liberties get trampled on no matter what.
Slashdot Mirror
And even trains aren't on autopilot. :)
Yeah right. Celebrities won't be forced to go through these things.
You can't just say "assume decent quality public/private key crypto such that a crypto crack is not an option". We're not talking about breaking the encryption on something that Bruce Schneier designed. See the article for the level of coder we're talking about. Attacking the encryption would be my starting point for all of these. If it can decrypt the incoming messages, chances are there's a flaw I can find that will lead me to that key.
I drive I-45 just North of Houston and regularly see the things being driven north towards Dallas. I've never looked into where they're coming from or going, but I see them on a regular weekly basis.
If there was only one browser, they would only check in their own browser, and assume it would look fine for everyone else. Which is definitely not the case.
Honestly, it hasn't been that long since that really was the case for 90%+ of web developers.
Yes I mean sucrose, that's why I said 'sugar' and not 'sugars'. :P
And of course it isn't true, it was a comment not a declaration of absolute fact. Mostly because I regularly order Dublin Dr Pepper, anyone that likes Dr Pepper owes it to themselves to try some. Original recipe Dr Pepper made with, you guessed it sugar (well, sucrose but it says sugar in the ingredients because that's what most people call sugar :P).
High fructose corn syrup in cola makes sticky mess - no one uses sugar anymore.
I get what you're saying now, but that's not what I thought you were implying from the beginning. You said:
NOONE gets the password this way
I was answering that portion, yes in the context of the virus there would be no way for it to get the original password used to do the encrypting. I was only speaking about the checking of the password for decryption, forest for the trees and all that.
You clearly didn't get it, go back and read again, the big hint comes here:
Store an md5 hash of the password...
You see how the extortionist already had the password and used it to to get the md5 hash? Actually that is some plan, and also how most username/password schemes work. No need to keep the password around and no way to get the password from the hash (recently discovered collisons aside).
Store an md5 hash of the password, then hash the input and compare it to the stored hash. No visible password or easy method to reverse the hash to get the password.
The term you are looking for is 'falsifiable'.
Wasn't it Gregory Hines?
:)
Something like:
Billy: "It's not the volts that'll kill ya, it's the amps."
Gregory: "Well how many amps is it then?"
Billy: "Shit I don't know, enough to move a train."
I love movie quotes.
That's because Google is talking about making a separate internet, one that they bought and paid for. The companies you are referring to are trying to take Our internet and turn it into a different one.
Google's separate internet leaves you free to choose something else. The same won't be true if the current one is wrecked.
Along the same lines, but even better I feel...
Instead of the capsules full of koolaid, just drop in a couple of butterscotch hard candies. Victim wonders where the smell of butterscotch is coming from and gets out of the shower very sticky. :)
And if I make P2P software I'm not liable for what users do with it....oh wait.
Apple truly trumps the hacker shop that is... uh... God.
Sorry, I think you misspelled evolution.
Hmm... how many of those are features of the protocol, as opposed to features of one or more of the main server implementations?
I don't think anyone has just added anything to their server implementation, most added "things" are specified in a JEP somewhere.
In addition to the matter of storage (which they're probably not that bothered about) there's the issue that they must then store and forward messages.
That's part of the protocol, should just be an implementation detail of where to store the users "spool", as XML or in a database.
I agree with the rest, I'm sure most missed features will come along after Beta (or during). If it had been me I wouldn't have rolled out s2s yet either.
And had you gone to the linked site and done some reading you would see that he is working with them...
I would be extremely surprised at this point if the speculated IM client wasn't browser-based (no, I won't use that useless, made up, psuedo-acronym). They've just got at least a couple of teams that are so good at it. They've got most of the cross-browser problems solved, though I am still surprised how much stuff they have that's Windows only.
And I'm also speculating about a client that is pure speculation sooo, take that big block of salt over there with you when you leave.
Went for that F.P. two days in a row and didn't get it either time, yesterday was more sneaky.
I do believe you misspelled "iJet".
Doubt it, script kiddies are just that, kiddies running scripts that someone else wrote. The info in this book would go right over the heads 99.99999% of the script kiddies on the planet.
GMail would probably be a better example than GMaps.
Now that I'm OK with, you've gone and got some checks and balances involved. You found a place you suspected had evidence tied to a crime, got a judge to agree with your suspicions, and executed a court order.
What I read in TFA is that the police want to make it a crime for you to refuse to turn over your keys. No mention of court order or judge, they say gimme and you're in trouble if you don't.
I don't want to be blown up, I don't want my parents or children being blown up, but I don't see them as much worse than living somewhere that the police say "Show me all your stuff and give me all your secrets." and I'm a criminal if I say no. I just won't give up my freedoms for a sense of security....now where's that B. Franklin quote...
Been a pleasure chatting with you.
With all the replies you already have I doubt you'll see this one. I've seen your sig lots of times and enjoyed it, I've even pointed it out to my spouse FWIW.
Incidentally, what would you have the cops do while they're sitting there looking at the head of a guy who knows something that they would like to know? You know he knows it, but he won't tell, how about we just beat and torture him until he talks. Locked away in your brain isn't so far removed from locked away on your harddrive. Getting to both requires destroying your civil liberties that someone died to make sure you have.
Don't let your civil liberties get trampled on no matter what.