Slashdot Mirror


User: bratgitarre

bratgitarre's activity in the archive.

Stories: 0
Comments: 32

Comments · 32

  1. Re:Not surprised. on Chrome Private Mode Not Quite Private · · Score: 2, Informative

    Iron works on Linux as well, not just Windows. I run it on Ubuntu 9.10. As I mentioned above, 4.0.275.2 (Developer Build 35171) of Iron is affected by the bug from the article.

  2. Re:Addicted. on Chrome Private Mode Not Quite Private · · Score: 1

    Use Iron, which is sort of like Chrome for the privacy-conscious. Note that the bug from the article is present in SRWare Iron 4.0.275.2 (Developer Build 35171) as well, though, so this appears to be a Chromium issue(?).

  3. The FBI does NOT prosecute on FBI To Prosecute "Money Mules" · · Score: 1
    The FBI does not prosecute:

    The FBI does not prosecute cases. It provides investigative information to United States attorneys, who then use that information to decide whether to prosecute.

  4. Re:UltraVNC - Single Click on Free Remote Access Tools For Windows and Mac Compared · · Score: 1

    Also, if you're dealing with a shop that has to be PCI-DSS or as part of a PA-DSS application, the PCI folks want to see at least 256bit AES encryption. The 128-bit solution isn't enough. So far the closest we've found is Logmein and we only support clients on Windows or OSX.

    So, let me get this straight. 128-bit AES in a popular, trusted, open source, "point to point" application isn't good enough. However Logmein, originally developed in Eastern Europe (and probably now supported from India or China) which is a closed box controlled by servers you have no idea what they're doing is fine because they somewhere have the magical text "256bit AES". Right.

    Hey, buzzword compliance is what standards are all about!

  5. Re:They could go even further... on Fingerprint Requirement For a Work-Study Job? · · Score: 2, Insightful

    They could do even better than that, they could take relative position information you described and then hash it. Hashes are one way, no one can recover the representation once it is hashed.

    Even with a "secure" hash, if the recorded data has low entropy, you can still guess it in an offline dictionary attack. If you believe otherwise, please post your /etc/shadow for us, thanks!

    But seriously, it's beside the point whether they store hashes or high-res pictures of your fingers. Whoever gets their hands on the database can still identify the prints you leave everywhere. High-res pictures just make it easier for them to impersonate you to other fingerprint scanners.

  6. Re:Use PGP/GNUPG auth on Man-In-the-Middle Vulnerability For SSL and TLS · · Score: 1

    In TLS's RSA mode the user is actually generating the session key, and in the Diffie-Hellman modes s/he generates at least half of it.

  7. Just offer some money and you're fine on Mozilla Labs Wants To Monitor (Volunteers') Firefox Use · · Score: 1

    Just offer a small compensation from the multi-million dollar Mozilla Foundation budget and people will volunteer. As Schneier said, "If McDonald's offered a free Big Mac for a DNA sample, there would be lines around the block."

  8. Re:In other words... on Germany Legislates For Mandatory Web Filters · · Score: 1

    One thing that I'm certain would be a part of future "wishes and plans" to censor (if not already part of the proposed filter) would be Nazi paraphernalia.

    This is already being done [German], at least in the state NRW. They started blocking in 2002, and a court determined it's legal in 2005.

    To provide some perspective for US readers, here's a NY Times article on how unique the First Amendment is.

  9. Re:It's called a balloon. on MIT and NASA Designing Silent Aircraft · · Score: 1

    Welcome to the world of academic funding.

  10. Classic: How to destroy the Earth on The Best Fictional Doomsday Devices · · Score: 1
    Here's a classic rundown of ways to destroy the Earth, complete with back-of-the-envelope calculations on whether they'd work: http://qntm.org/?destroy FTA:

    Destroying the Earth is harder than you may have been led to believe.

    You've seen the action movies where the bad guy threatens to destroy the Earth. You've heard people on the news claiming that the next nuclear war or cutting down rainforests or persisting in releasing hideous quantities of pollution into the atmosphere threatens to end the world.

    Fools.

    The Earth is built to last. It is a 4,550,000,000-year-old, 5,973,600,000,000,000,000,000-tonne ball of iron. It has taken more devastating asteroid hits in its lifetime than you've had hot dinners, and lo, it still orbits merrily. So my first piece of advice to you, dear would-be Earth-destroyer, is: do NOT think this will be easy.

  11. Re:weird on Privacy Concerns Over Google On the Rise In Germany · · Score: 1

    I'd be much more concerned about what the German government might do with that data; their history is, shall we say, less than stellar.

    Many Germans share your concern about their governments' less than stellar history. We all know that once the data is accumulated, it will be used. Therefore it's important to prevent such massive data collection, among other things.

  12. Re:Anti-Americanism on Privacy Concerns Over Google On the Rise In Germany · · Score: 1

    It's mostly, not totally, but mostly paranoia, anti-corporatism and anti-Americanism at work. I am German, I know what I am talking about.

    Just because you're paranoid doesn't mean they're not out to get you.

  13. Re:weird on Privacy Concerns Over Google On the Rise In Germany · · Score: 1

    Well, for starters the largest constitutional complaint ever is under way against the government's draconian data retention program, with more than 30,000 plaintiffs.

  14. Re:Web 2.0 yes, but pseudonymized on Give Up the Fight For Personal Privacy? · · Score: 1
  15. Re:Web 2.0 yes, but pseudonymized on Give Up the Fight For Personal Privacy? · · Score: 1

    ...I think these are less likely to hit me in the long run than publicly available and mineable personal information over which I essentially have no control.

    In what way are they likely to 'hit' you?

    Take for example my Wikipedia edits. They reveal all kinds of stuff about me: my stand on political issues (including those relevant to potential employers), how much time I waste online (uhm, also relevant), my social behavior online, etc. Another concrete example is how I may criticize a business online and later end up learning they're a customer of my employer. On Facebook it may get worse -- people may find out who my friends are (or were), what communities I belong to, etc. I don't want everybody in the world to be able to follow my life this closely. It's just none of their business.

    I like to control as much of the information that's out there about me as possible. See, from a security point of view it's much better to control the information you release in the first place rather than cry over spilled milk because you find yourself in a position of defending that stupid flame war you had years ago. Or that radical political position (e.g. on software patents or proprietary software) you took that's absolutely against the position your company would take. Search engine caches or the Internet Archive may keep your stuff forever.

    Look, I don't think it's about me coming up with the scariest and most realistic scenarios how my past public online behavior can come back to hurt me. Actually, it's precisely the opposite: Because I can't be certain that my data traces will not come back to be used in a way I did not anticipate, I'm taking reasonable safety measures to minimize risk: 1) don't reveal too much about yourself and 2) use pseudonyms when possible. That way I don't have to be sure my traces will never at some point in the future be used in a way I dislike.

  16. Web 2.0 yes, but pseudonymized on Give Up the Fight For Personal Privacy? · · Score: 1

    No way I'm giving up. I suggest using aliases and changing (spam) mail addresses every so often, plus obviously getting a dynamic IP. I'm still using a credit card and say yes to pretty much every cell phone or application EULA, but I think these are less likely to hit me in the long run than publicly available and mineable personal information over which I essentially have no control. Web 2.0 sites are great, as long as I can use them pseudonymously (like Wikipedia, or Slashdot). So no way I'm getting on Facebook and the like.

  17. Re:question: on Be Part of the 2008 Presidential Youth Debate · · Score: 1

    Where is the congressional accountability for the subprime loan mess?

    Accountability is so 20th century... terrorism blahblah jihadists blahblahblah enhanced interrogation methods blahblah security or liberty blahblah...

  18. Re:Government Spending on Be Part of the 2008 Presidential Youth Debate · · Score: 1

    The two of you, like almost every presidential candidate I can recall, vow to curb government spending. Please list some of the cuts you would make, and what percentage of the budget would be saved by their elimination or reduction.

    Jim Lehrer kind of asked this:

    LEHRER: All right. All right, speaking of things that both of you want, another lead question, and it has to do with the rescue -- the financial rescue thing that we started -- started asking about. And what -- and the first answer is to you, Senator Obama. As president, as a result of whatever financial rescue plan comes about and the billion, $700 billion, whatever it is it's going to cost, what are you going to have to give up, in terms of the priorities that you would bring as president of the United States, as a result of having to pay for the financial rescue plan?

  19. Re:In the long term on Be Part of the 2008 Presidential Youth Debate · · Score: 1

    I'm speaking of Federal programs that appear to violate

    Amendment 10 - Powers of the States and People. The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

    It strikes me that adherence to this would obviate a substantial chunk of the problems besetting the polity.

    But wouldn't this just shift the debates over abortion, gun control, gay marriage, and all those other wedge issues to the states?

  20. Re:Gun Control on Be Part of the 2008 Presidential Youth Debate · · Score: 1

    Most citizens in Switzerland have fully-automatic assault rifles in their homes. It seems to work well for them.

    ...at least until some nutjob shot 14 people in a state parliament using one of those standard army-issue assault rifles their conscripts get to keep at home.

  21. Re:elect obama on Programming Jobs Abroad For a US Citizen? · · Score: 3, Interesting

    Last time I checked they had at least the rule of law, unlike some, err, other countries.

  22. A look at the finances of the FSF on Behind the Doors of the Free Software Foundation · · Score: 1

    And for those interested in the finances of the FSF, see Charity Navigator.

  23. Wow: politicians' SSNs! Colin Powell, Porter Goss on State Cannot Force Removal of SSNs From Privacy Advocate's Site · · Score: 1

    For those who didn't check out the site Virginia Watchdog linked in the article -- I think by posting the SSNs of people ranging from some county executives, Florida SOS Browning, former CIA director Porter Goss, Jeb Bush, and Colin Powell to Tom Delay (and so on), the site's author makes it plain: the situation is pretty crazy, with many counties all over the US publishing these misguided identifiers.

  24. Re:standard API as well ? on Easy Encryption In Java and Python With Keyczar · · Score: 4, Interesting

    It's waaaay smaller than Bouncy Castle. The focus of Keyczar seems to be on usability, to the point that it seems rather black-boxy. Here's an encryption example from their page:

        Crypter crypter = new Crypter("/path/to/your/keys");
        String ciphertext = crypter.encrypt("Secret message");

    Notice that it's not at all clear what this does. Is it symmetric or asymmetric encryption? Deterministic or nondeterministic? Authenticated? It's all under the hood. If you don't care to look, you don't have to know. They try to provide safe defaults, but it won't the developer from understanding some basic crypto concepts. Bouncy Castle is a lot more comprehensive and (most likely) mature.

  25. Re:why? on HyperCard Comes Back From the Dead to the Web · · Score: 1

    a really huge palate of available shapes

    certainly a sign of good taste! ;-)