Wait, who is the enemy here? Last time I checked, the only possible fit for the enemy in this whole scenario is the public. It embarrasses many officials who were doing things or saying things they shouldn't have been. I don't see any standard description of an enemy that could have benefited from any of the leaks. The only thing that makes sense is public opinion and backlash against shady dealings.
The enemy is any government which isn't the US government or her allies.
Assange played him exactly the way a CIA or KGB handler would play his assets. It was textbook.
And when the stuff hits the fan over espionage, it tends to get on everyone. Assange definitely committed espionage, and if he was a state actor, no one would hesitate to call it that. Manning gets hit with it cause he aided and enabled it to occur, even if he wasn't the driving force behind it.
But it's not the same. Witting or unwitting. Willful or unwillful. Julian Assange also didn't do anything to play Manning like a handler. The two never met, and as far as I know never directly communicated. A handler actually would know Bradley Manning, but Bradley Manning exposed his identity to Adrian Lamo on purpose and prior to that no one knew who he was.
So in that I don't think he was witting. I also don't think Julian Assange is some sort of spymaster because he's not working for a specific government that I know of nor does he seem to operate the way a KGB or CIA would. He's not blackmailing people for information, he's not threatening people's families, he's not tricking people. People are giving Wikileaks information because in a lot of cases there really is injustice and they have no one to give it to.
I don't think the Cablegate information was about injustice though.
Sucks to be him. I am, however, mad at Lamo. He only did this trying to get brownie points from Uncle Sam. He isn't a hacker in the first place. No one has yet to say how Lamo got in touch with Manning... and that is one reason why Mrs. Lamo divorced him...
Why blame Lamo? Lamo didn't ask for Manning to contact him and give him all those classified documents. He contacted Lamo because Lamo was posing as a journalist and had journalist connections. Why would you contact Adrian Lamo under your real IP address, real screen name, etc and expect nothing to happen? He was setting Lamo up to go down with him.
Why didn't Manning follow whatever rules that anonymous sources typically follow? He screwed up, not Lamo. If he followed the rules Lamo would never know who he is. If he followed the rules those logs could not exist. So what was Manning thinking transmitting that over the unencrypted unsecured wire to a known hacker?
Manning indiscriminately leaked an enormous amount of classified materials including details of our military tactics, names of our Iraqi and Afghan allies and spies, classified diplomatic cables revealing our diplomatic strategies etc etc.
Which is bullshit, bullshit, bullshit, and bullshit. Respectively. No top secret documents were leaked, nor names of spies.
Repeating Big Lies doesn't make them true. It just makes you a bigger liar.
Yes, please cite that because I have to see evidence of a name being leaked. You said names of allies and spies. If he leaked that then it's espionage and he should get life but you haven't shown any evidence he leaked that.
If he was attempting to aid the enemy he would have leaked them straight to the enemy.
And it is obvious that the enemy doesn't read the New York Times or Wikileaks, so it is inconceivable that those could be the medium used to communicate.
Aiding the enemy doesn't have to be a deliberate choice. You don't have to say "today I will aid the enemy."
So that leaves you with... he wasn't trying to aid the enemy with the leaks, and he didn't incidentally aid them either.
So what you are arguing is that the material he released was so meaningless that it makes no difference to anyone. His valiant bravery in releasing documents that seriously compromise US diplomatic efforts didn't actually have any effect on anything at all...
So if you aid the enemy by accident because you got tricked, that still counts? In that case many many soldiers have aided the enemy because the enemy blackmailed them into providing information.
The big revelation is that he also gave the documents over to US agencies first. Aiding the enemy my ass, he went to Wikileaks after the New York Times (which Daniel Ellsberg used for the Pentagon leak) and other news agencies that didn't follow through.
If he indeed did give the information to US agencies first then that is conclusive evidence that he was not committing espionage. That doesn't mean he should have leaked, it just means something went wrong somewhere.
Most seem to consider him a hero but the guy had to know he would likely face life in prison and for what? What injustice did he undo? He embarrassed some powerful people and got his name in the paper. We aren't exactly talking about outing the military over a massacre. He passed on a bunch of files to Wikileaks without knowing the content so he had no idea what damage it would cause so it was irresponsible at best. I think government secrecy is obscene since most of the secrets are already known to foreign powers it's mostly about keeping the information from the American people. I think stealing secrets without a clear purpose is a stupid thing to do. If he was trying to correct a wrong I might agree with his supporters. I think it was more about ego than doing good. He just threw away his best years over this which was a foolish thing to do.
I actually agree with you, but does he really deserve life in prison for embarrassing powerful people? His sentence is extraordinarily harsh. His treatment is extraordinarily harsh. He's being threatened with espionage which is completely inaccurate unless he leaked a list of source identities and they all got killed.
I love these comments supporting what this soldier did. It's quite obvious that none of you who support this traitor understand the basics of military service, the protection of classified information, and the absolute need for the two to go hand-in-hand. This soldier took it upon himself to distribute classified information to parties that neither had the clearance nor need to know. He violated multiple articles of the UCMJ (Uniform Code of Military Justice) and other federal laws.
Having served in the US Air Force, in a capacity where I was in contact with classified data every day, I know the level of discipline it takes to protect information. PFC Manning had legal, authorized channels he could have used to express his concerns - in regards to not only what he saw, but how it affected him. He chose, however, to assume he knew best and to distribute this information outside (and ultimately foreign) agencies. HE chose to ignore Army and DoD regulations. 20 years is a good start, but not nearly enough.
It's dumb to support what he did. It's also dumb to support the way the government is treating him for what he did. If you believe he deserves 20 years that is fine, but make a case for why he deserves 20 years and explain why he's being treated worse than so many of the others who have done much greater obvious damage?
How much damage did the Cablegate cause? Can we confirm that the names of sources were leaked? If even one source's name was leaked I'd support giving him 20 years+.
Twenty years is fair. The treatment up until now is what's so messed up. As a citizen, I don't expect soldiers who leak classified treatment to get a pat on the back. However, I don't expect them to get tortured in the military prison either.
20 years is actually very harsh. It all depends on the result of his leak. How much damage did it cause?
I doubt it was 20 years worth of damage but no one has actually come up with a true report of how much damage.
He deliberately aided and abetted an enemy. His trial and execution should have been a done deal 2.5 years ago.
What enemy? Execution? Manning didn't take the names of sources to Iran and even then it probably wouldn't have got him executed when Robert Hanssen did something similar to that and he's not getting executed and Aldrich Ames did something exactly like that and he isn't being executed. Those guys were high level while Manning was a low level officer if that. He doesn't have the same level of responsibility and a lot of this is the result of giving him more classified access than he reasonably needed to have for his service. I can't figure out why he had access to so much.
Now, I won't defend the Army's treatment of Manning after his arrest. But he shouldn't have been surprised he was charged with the crimes he is accused of.
This is different from the Ellsberg case, in that Ellsberg did not have an active clearance at the time he acquired and distributed the Pentagon Papers. Bradley Manning was an active-duty serviceman, and as such was subject to the restrictions imposed on him by his security clearance. Every person with security clearance is required to sign a document stating that if you ever disclose classified material acquired in the course of your duties to anyone not entitled to have it, the government will prosecute you to the hilt. It's not an ambiguous or hard-to-understand document.
If he had selectively disclosed evidence of malfeasance, that would be one thing, and it would make him a whistle-blower. But he did a complete data dump of diplomatic cables, much of which was sensibly-classified material, the disclosure of which was indeed harmful to national interests, both to security and otherwise.
I don't think even the government believes it's a case of espionage. They just want to charge him with that to see if they can convict someone of that. You're right Manning should be punished and the fact that he pleaded guilty means he recognizes that he should be punished. That being said while I agree he has to be punished, I don't agree that he should serve more than 10 years or be charged with espionage UNLESS sources were exposed and people actually died. Robert Hanssen in my opinion was treasonous. His activity resulted in sources getting killed. Ames was even worse. That should be a hard limit.
Did Bradley Manning get any sources killed? Were names leaked? How much damage did his leak cause beyond embarrassment? His charges should be based on that damage. So far we haven't heard of anyone getting killed. It's not like the Plame case.
It really makes no sense to me why he's being threatened with a life sentence. He pleaded guilty, he's going to serve probably 10 years, maybe a bit more. The life sentence is ridiculous. Espionage is ridiculous. Many cases far worse deserved a life sentence, such as Robert Hanssen of the FBI but Bradley Manning was relatively low level and young.
It looks like it is on the spot with virtualization but has anyone audited or inspected the code? Are any of these features comparable to Qubes? Why would I choose this OS?
Just asking anyone more familiar with this project to explain to me the pros and cons compared to other projects.
Less human beings to trust with hardware. Less points of failure. Human beings are the problem.
The pro-software crowd would view that in itself as a weak point: that the more people who are able to evaluate and hammer away on different implementations, the better. If the small group of people that implement the hardware can be trusted to do a proper job of it, then a small group can get it done.
That also means there are more people who can sneak in a back door or errors.
The "Stoned" bootkit
The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[27][28] has been shown capable of tampering TrueCrypt's MBR effectively bypassing TrueCrypt's full volume encryption.[29][30][31][32][33] (but potentially every hard disk encryption software is affected too if it does not rely on hardware-based encryption technologies like TPM, or—even if it does—if this type of attack is made with administrative privileges while the encrypted operating system is running).[34][35]
http://en.wikipedia.org/wiki/TrueCrypt#Security_concerns
Side-channels have historically hit hardware encryption harder than software, as it is easy to do something dumb like storing the encryption key in a ROM chip or something. Hey look, we have hardware AES, and you don't even have to provide the password!
The distinction between "software" and "hardware" implementations of an algorithm is irrelevant when looking at the quality of the implementation; all it really indicates is that the hardware one will not use any host resources, and will be easier to port across systems. It doesn't tell you whether it's faster (will usually be SLOWER), or more secure, or anything else.
With hardware you have less components you have to trust and you know the people who made it. Who made Truecrypt?
Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs, one bug in any implementation and it's broken.
I'm not sure what you're saying here... hardware encryption has less room for error because you can implicitly trust the company baking the algorithm into the hardware? Hardware can have all of the implementation errors that a software approach might have.
Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor.
There are usually less human beings to trust and less points of failure. That is a good thing.
But at least someone versed in the art can inspect the software to look for these bugs. With hardware, it's just a black box that you have to trust or reverse engineer at a much higher cost.
Your statement "with hardware encryption there is less room for error" doesn't jive. Hardware can have bugs too. I would say the hardware errors are worse as they require device replacement. Hardware implementations cannot be trivially inspected.
If your data is extremely (i.e. NSA level) important, never trust device-side encryption unless indeed you did compile and upload the firmware yourself. I'm not sure about how modern SSDs allow custom firmwares to be uploaded but it'd be really cool if they did. Could roll your own if you are super paranoid - I can't remember who makes it but I did see one time an "SSD development kit" - it was a larger-than-a-2.5-SSD board that had a SATA port on one side and a serial port on the other - this is where you would upload firmware. You also had to purchase and install your own NAND modules which resembled DIMMs from what I could tell. It was really cool.
For 95% of use cases it's likely better than nothing.
Software is not good at generating entropy but there is no reason why software should do that. There are many physical sources of good entropy, your soundcard for one.
Truecrypt at least I can look at and compile myself if I so wanted. That says a lot to me.
If your data is NSA level important then it shouldn't be stored anywhere but at the NSA. What I mean is hardware implementations are safer from Mallory because very few people are going to know about the flaws in a hardware implementation if there are any. The people who know would be the few people who designed the hardware implementation and they would be restricted under non disclosure agreement most likely. Truecrypt you can compile yourself but chances are you don't know whether or not the functions and design of Truecrypt are secure. You also don't know your compiler is any good. And no, the soundcard is not a good enough source of entropy.
Encryption software needs to be inspectable and verifiable in order to be trusted with anything worth protecting. Closed-source software burned into the firmware of a USB drive does not meet that requirement.
That said, somebody make a programmable USB drive with open source encryption that can be flashed to it (probably with a fused write protect) and *that* would be a compelling product.
Hardware encryption offers superior security to software encryption. That said it's not easy to generate entropy so if you do use software encryption you better have a source of entropy.
Hardware encryption is only superior if you (or someone you trust) can inspect the software.
For all you know, they use your passphrase to decrypt a hardcoded decryption key that's the same on all drives, so if you put your hard drive into someone else's enclosure, their passphrase will decrypt your data.
While I don't think they are doing anything so blatantly stupid, unless you can see the software, you don't know. A number of big-name "secure" USB drives had a big security flaw that was almost exactly like that.
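The failure mode described in the comment above (one hardcoded data key shared by every unit, with the passphrase only unwrapping it), set beside a per-device random key, as an added example that is not part of the thread or any vendor's code. The `Enclosure` class, `VENDOR_DEK`, the passphrases and the HMAC-based toy cipher (standing in for AES, which the Python standard library lacks) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical constant standing in for a data-encryption key (DEK) that a
# vendor burned into every unit's firmware. Constructed for this example.
VENDOR_DEK = hashlib.sha256(b"constructed vendor constant").digest()


def kdf(passphrase: str, salt: bytes) -> bytes:
    """Derive 64 bytes from the passphrase: 32 for encryption, 32 for the MAC."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 keystream indexed by byte offset.
    Stand-in for AES only; a real design must never reuse a keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def wrap(kek: bytes, dek: bytes) -> bytes:
    """Encrypt the DEK under the passphrase-derived key and append a MAC."""
    ct = xor_stream(kek[:32], dek)
    return ct + hmac.new(kek[32:], ct, hashlib.sha256).digest()


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Recover the DEK; a wrong passphrase fails the MAC check."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(kek[32:], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong passphrase")
    return xor_stream(kek[:32], ct)


class Enclosure:
    """Hypothetical drive enclosure: keeps a salt and the wrapped DEK in its
    own flash, and encrypts whatever disk is plugged into it with that DEK."""

    def __init__(self, passphrase: str, dek: bytes):
        self.salt = os.urandom(16)
        self.blob = wrap(kdf(passphrase, self.salt), dek)

    def _dek(self, passphrase: str) -> bytes:
        return unwrap(kdf(passphrase, self.salt), self.blob)

    def write(self, plaintext: bytes, passphrase: str) -> bytes:
        return xor_stream(self._dek(passphrase), plaintext)

    def read(self, disk_ciphertext: bytes, passphrase: str) -> bytes:
        return xor_stream(self._dek(passphrase), disk_ciphertext)


def vendor_dek() -> bytes:
    """Flawed design: every unit gets the same hardcoded DEK."""
    return VENDOR_DEK


def random_dek() -> bytes:
    """Sound design: each unit generates its own DEK at setup."""
    return os.urandom(32)


def stranger_can_read(make_dek) -> bool:
    """Move Alice's disk into Bob's enclosure; can Bob's passphrase read it?"""
    alice = Enclosure("alice constructed passphrase", make_dek())
    bob = Enclosure("bob constructed passphrase", make_dek())
    secret = b"constructed sample sector contents"
    disk = alice.write(secret, "alice constructed passphrase")
    return bob.read(disk, "bob constructed passphrase") == secret


def wrong_passphrase_rejected() -> bool:
    """The passphrase check itself works in both designs, which is why the
    flaw is invisible from the outside."""
    unit = Enclosure("alice constructed passphrase", vendor_dek())
    try:
        unit.read(b"anything", "not the passphrase")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("shared DEK, stranger reads disk:", stranger_can_read(vendor_dek))
    print("random DEK, stranger reads disk:", stranger_can_read(random_dek))
    print("wrong passphrase rejected:", wrong_passphrase_rejected())
```

Both designs reject a wrong passphrase on the owner's unit, so black-box testing of the passphrase prompt cannot tell them apart; only inspecting how the data key is generated does.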
Analogue is better than digital. Hardware is better than software. Also you have to read about and study the hardware fairly well before choosing the product. Those products you list all suck. The Aegis Padlock Pro does not have those problems by design.
Truecrypt is a software encryption implementation. Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs, one bug in any implementation and it's broken. Side channels also can defeat software trivially. Software also isn't usually good at generating entropy so you won't have a good source of that either. Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor.
But that's not equivalent to having a backdoor to the device. If I catch a courier, who never knew the key code, no prison, gun or court order will do me any good. With a backdoor, however...
What about fake back doors? How do you determine which back door is the real door?
This is not true -- in many circumstances, a judge can hold you in contempt of court for not revealing an encryption key, and you can sit in jail indefinitely until you cooperate. This is especially true if the encrypted information you have the password to gives evidence against someone else, not yourself, which the 5th amendment does not protect against.
That is exactly right. But if you don't give up the key they can call you a terrorist and not have to deal with that.
Wait, who is the enemy here?
Last time i checked, the only possible fit for the enemy in this whole scenario is the public. It embarrasses many officials who were doing things or saying things they shouldn't have been. I don't see any standard description of an enemy that could have benefited from any of the leaks. The only thing that makes sense is public opinion and backlash again shady dealings.
The enemy is any government which isn't the US government or her allies.
Assange played him exactly the way a CIA or KGB handler would play his assets. it was textbook.
And when the stuff hits the fan over espionage, it tends to get on everyone. Assange definitely committed espionage, and if he was a state actor, no one would hesitate to call it that. Manning gets hit iwth it cause he aided and enabled to occur, even if he wasnt the driving force behind it.
But it's not the same. Witting or unwitting. Willful or unwillfull. Julian Assange also didn't do anything to play Manning like a handler. The two never met, and as far as I know never directly communicated. A handler actually would know Bradley Manning, but Bradley Manning exposed his identity to Adrian Lamo on purpose and prior to that no one knew who he was.
So in that I don't think he was witting. I also don't think Julian Assange is some sort of spymaster because he's not working for a specific government that I know of nor does he seem to operate the way a KGB or CIA would. He's not blackmailing people for information, he's not threatening peoples families, he's not tricking people. People are giving Wikileaks information because in a lot of cases there really is injustice and they have no one to give it to.
I don't think the Cablegate information was about injustice though.
Sucks to be him. I am, however, mad a Lamo. He only did this trying to get brownie points from uncle sam. He isn't a hacker in the first place. No one has yet to say how Lamo got in touch with Manning... and that is one reason why Mrs. Lamo divorced him...
Why blame Lamo? Lamo didn't ask for Manning to contact him and give him all those classified documents. He contacted Lamo because Lamo was posing as a journalist and had journalist connections. Why would you contact Adrian Lamo under your real IP address, real screen name, etc and expect nothing to happen? He was setting Lamo up to go down with him.
Why didn't Manning follow whatever rules that Anonymous sources typically follow? He screwed up not Lamo. If he followed the rules Lamo would never know who he is. If he followed the rules those logs could not exist. So what was Manning thinking transmitting that over the unencrypted unsecured wire to a known hacker?
Which is bullshit, bullshit, bullshit, and bullshit. Respectively. No top secret documents were leaked, nor names of spies.
Repeating Big Lies doesn't make them true. It just makes you a bigger liar.
Yes please Cite that because I have to see evidence of a name being leaked. You said names of allies and spies. If he leaked that then it's espionage and he should get life but you haven't shown any evidence he leaked that.
If he was attempting to aid the enemy he would have leaked them straight to the enemy.
And it is obvious that the enemy doesn't read the New York Times or Wikileaks, so it is inconceivable that those could be the medium used to communicate.
Aiding the enemy doesn't have to be a deliberate choice. You don't have to say "today I will aid the enemy."
So that leaves you with... he wasn't trying to aid the enemy with the leaks, and he didn't incidentally aid them either.
So what you are arguing is that the material he released was so meaningless that it makes no difference to anyone. His valiant bravery in releasing documents that seriously compromise US diplomatic efforts didn't actually have any effect on anything at all ...
So if you aid the enemy by accident because you got tricked, that still counts? In that case many many soldiers have aided the enemy because the enemy blackmailed them into providing information.
The big revelation is that he also gave the documents over to US agencies first. Aiding the enemy my ass, he went to Wikileaks after the New York Times (which Daniel Ellsberg used for the Pentagon leak) and other news agencies that didn't follow through.
If he indeed did give the information to US agencies first then that is conclusive evidence that he was not committing espionage. That doesn't mean he should have leaked, it just means something went wrong somewhere.
Most seem to consider him a hero but the guy had to know he would likely face life in prison and for what? What injustice did he undo? He embarrassed some powerful people and got his name in the paper. We aren't exactly talking about outing the military over a massacre. He passed on a bunch of files to Wikileaks without knowing the content so he had no idea what damage it would cause so it was irresponsible at best. I think government secrecy is obscene since most of the secrets are already known to foreign powers it's mostly about keeping the information from the American people. I think stealing secrets without a clear purpose is a stupid thing to do. If he was trying to correct a wrong I might agree with his supporters. I think it was more about ego than doing good. He just threw away his best years over this which was a foolish thing to do.
I actually agree with you, but does he really deserve life in prison for embarrassing powerful people? His sentence is extraordinarily harsh. His treatment is extraordinarily harsh. He's being threatened with espionage which is completely inaccurate unless he leaked a list of source identities and they all got killed.
I love these comments supporting what this soldier did. It's quite obvious that none of you who support this traitor understand the basics of military service, the protection of classified information, and the absolute need for the two to go hand-in-hand. This soldier took it upon himself to distribute classified information to parties that neither had the clearance nor need to know. He violated multiple articles of the UCMJ (Uniform Code of Military Justice) and other federal laws.
Having served in the US Air Force, in a capacity where I was in contact with classified data every day, I know the level of discipline it takes to protect information. PFC Manning had legal, authorized channels he could have used to express his concerns - in regards to not only what he saw, but how it affected him. He chose, however, to assume he knew best and to distribute this information outside (and ultimately foreign) agencies. HE chose to ignore Army and DoD regulations. 20 years is a good start, but not nearly enough.
It's dumb to support what he did. It's also dumb to support the way the government is treating him for what he did.
If you believe he deserves 20 years that is fine, but make a case for why he deserves 20 years and explain why he's being treated worse than so many of the others who have done much greater obvious damage?
How much damage did the Cablegate cause? can we confirm that the names of sources were leaked? If even one sources name was leaked I'd support giving him 20 years+.
Twenty years is fair. The treatment up until now is what's so messed up. As a citizen, I don't expect soldiers who leak classified treatment to get a pat on the back. However, I don't expect them to get tortured in the military prison either.
20 years is actually very harsh. It all depends on the result of his leak. How much damage did it cause?
I doubt it was 20 years worth of damage but no one has actually come up with a true report of how much damage.
He deliberately aided and abetted an enemy.
His trial and execution should have been a done deal 2.5 years ago.
What enemy? Execution? Manning didn't take the names of sources to Iran and even then it probably wouldn't have got him executed when Robert Hanssen did something similar to that and he's not getting executed and Aldrich Ames did something exactly like that and he isn't being executed. Those guys were high level while Manning was a low level officer if that. He doesn't have the same level of responsibility and a lot of this is the result of giving him more classified access than he reasonably needed to have for his service. I can't figure out why he had access to so much.
Now, I won't defend the Army's treatment of Manning after his arrest. But he shouldn't have been surprised he was charged with the crimes he is accused of.
This is different from the Ellsburg case, in that Ellsberg did not have an active clearance at the time he acquired and distributed the Pentagon Papers. Bradley Manning was an active-duty serviceman, and as such was subject to the restrictions imposed on him by his security clearance. Every person with security clearance is required to sign a document stating that if you ever disclose classified material acquired in the course of your duties to anyone not entitled to have it, the government will prosecute you to the hilt. It's not an ambiguous or hard-to-understand document.
If he had selectively disclosed evidence of malfeasance, that would be one thing, and it would make him a whistle-blower. But he did a complete data dump of diplomatic cables, much of which was sensibly-classified material, the disclosure of which was indeed harmful to national interests, both to security and otherwise.
I don't think even the government believes its a case of espionage. They just want to charge him with that to see if they can convict someone of that.
You're right Manning should be punished and the fact that he pleaded guilty means he recognizes that he should be punished. That being said while I agree he has to be punished, I don't agree that he should serve more than 10 years or be charged with espionage UNLESS sources were exposed and people actually died. Robert Hanssen in my opinion was treasonous. His activity resulted in sources getting killed. Ames was even worse. That should be a hard limit.
Did Bradley Manning get any sources killed? Were names leaked? How much damage did his leak cause beyond embarrassment? His charges should be based on that damage. So far we haven't heard of anyone getting killed. It's not like the Plame case.
It really makes no sense to me why he's being threatened with a life sentence. He pleaded guilty, he's going to serve probably 10 years, maybe a bit more. The life sentence is ridiculous. Espionage is ridiculous. Many cases far worse deserved a life sentence, such as Robert Hansen of the FBI but Bradley Manning was relatively low level and young.
It looks like it is on the spot with virtualization but has anyone audited or inspected the code? Are any of these features comparable to Qubes? Why would I choose this OS?
Just asking anyone more familiar with this project to explain to me the pros and cons compared to other projects.
Less human beings to trust with hardware. Less points of failure. Human beings are the problem.
The pro-software crowd would view that in itself as a weak point: that the more people who are able to evaluate and hammer away on different implementations, the better. If the small group of people that implement the hardware can be trusted to do a proper job of it, then a small group can get it done.
That also means there are more people who can sneak in a back door or errors.
The "Stoned" bootkit
The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[27][28] has been shown capable of tampering TrueCrypt's MBR effectively bypassing TrueCrypt's full volume encryption.[29][30][31][32][33] (but potentially every hard disk encryption software is affected too if it does not rely on hardware-based encryption technologies like TPM, or—even if it does—if this type of attack is made with administrative privileges while the encrypted operating system is running).[34][35]
http://en.wikipedia.org/wiki/TrueCrypt#Security_concerns
Side-channels have historically hit hardware encryption harder than software, as it is easy to do something dumb like storing the encryption key in a rom chip or something. Hey look, we have hardware AES, and you dont even have to provide the password!
The distinction between "software" and "hardware" implementations of an algorithm are irrelevant when looking at the quality of the implementation; all it really indicates is that the hardware one will not use any host resources, and will be easier to port across systems. It doesnt tell you whether its faster (will usually be SLOWER), or more secure, or anything else.
With hardware you have less components you have to trust and you know the people who made it. Who made Truecrypt?
Less human beings to trust with hardware. Less points of failure. Human beings are the problem.
Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs, one bug in any implementation and its broken.
I'm not sure what you're saying here... hardware encryption has less room for error because you can implicitly trust the company baking the algorithm into the hardware? Hardware can have all of the implementation errors that a software approach might have.
Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor.
There are usually less human beings to trust and less points of failure. That is a good thing.
But at least someone versed in the art can inspect the software to look for these bugs. With hardware, it's just a black box that you have to trust or reverse engineer at a much higher cost.
Your statement "with hardware encryption there is less room for error" doesn't jibe. Hardware can have bugs too. I would say the hardware errors are worse as they require device replacement. Hardware implementations cannot be trivially inspected.
If your data is extremely (i.e. NSA level) important, never trust device-side encryption unless indeed you did compile and upload the firmware yourself. I'm not sure about how modern SSDs allow custom firmware to be uploaded but it'd be really cool if they did. Could roll your own if you are super paranoid - I can't remember who makes it, but I did see one time an "SSD development kit" - it was a larger-than-a-2.5-SSD board that had a SATA port on one side and a serial port on the other - this is where you would upload firmware. You also had to purchase and install your own NAND modules which resembled DIMMs from what I could tell. It was really cool.
For 95% of use cases it's likely better than nothing.
Software is not good at generating entropy but there is no reason why software should do that. There are many physical sources of good entropy, your soundcard for one.
Truecrypt at least I can look at and compile myself if I so wanted. That says a lot to me.
If your data is NSA level important then it shouldn't be stored anywhere but at the NSA.
What I mean is hardware implementations are safer from Mallory because very few people are going to know about the flaws in a hardware implementation if there are any. The people who know would be the few people who designed the hardware implementation and they would be restricted under non-disclosure agreement most likely. Truecrypt you can compile yourself but chances are you don't know whether or not the functions and design of Truecrypt are secure. You also don't know your compiler is any good. And no, the soundcard is not a good enough source of entropy.
I don't understand why hacking through PDF is considered old school. Is the exploit really old?
Encryption software needs to be inspectable and verifiable in order to be trusted with anything worth protecting. Closed-source software burned into the firmware of a USB drive does not meet that requirement.
That said, somebody make a programmable USB drive with open source encryption that can be flashed to it (probably with a fused write protect) and *that* would be a compelling product.
Hardware encryption offers superior security to software encryption. That said, it's not easy to generate entropy, so if you do use software encryption you better have a source of entropy.
Hardware encryption is only superior if you (or someone you trust) can inspect the software.
For all you know, they use your passphrase to decrypt a hardcoded decryption key that's the same on all drives, so if you put your hard drive into someone else's enclosure, their passphrase will decrypt your data.
While I don't think they are doing anything so blatantly stupid, unless you can see the software, you don't know. A number of big-name "secure" USB drives had a big security flaw that was almost exactly like that.
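The failure mode described in the comment above, modelled as an added example that is not part of the original thread or any vendor's firmware: a passphrase that only unwraps a key shared by every unit, next to a per-device random key. The `Enclosure` class, `FIRMWARE_DEK` and the toy HMAC keystream cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a data-encryption key baked into every unit's firmware.
FIRMWARE_DEK = hashlib.sha256(b"constructed constant shared by all units").digest()

def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the user's passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with an HMAC-SHA256 counter keystream (illustration only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

class Enclosure:
    """Hypothetical enclosure: keeps the wrapped DEK, the drive keeps ciphertext."""
    def __init__(self, passphrase: str, shared_dek: bool):
        self.salt = os.urandom(16)
        dek = FIRMWARE_DEK if shared_dek else os.urandom(32)
        self.wrapped_dek = stream_xor(derive_kek(passphrase, self.salt), dek)

    def _dek(self, passphrase: str) -> bytes:
        return stream_xor(derive_kek(passphrase, self.salt), self.wrapped_dek)

    def write(self, passphrase: str, plaintext: bytes) -> bytes:
        return stream_xor(self._dek(passphrase), plaintext)

    def read(self, passphrase: str, drive: bytes) -> bytes:
        return stream_xor(self._dek(passphrase), drive)

def cross_enclosure_readable(shared_dek: bool) -> bool:
    """Move a drive written in one enclosure into another owner's enclosure."""
    secret = b"constructed sample record"
    mine = Enclosure("my passphrase", shared_dek)
    theirs = Enclosure("their passphrase", shared_dek)
    drive = mine.write("my passphrase", secret)
    assert mine.read("my passphrase", drive) == secret  # sanity: owner can read
    return theirs.read("their passphrase", drive) == secret

if __name__ == "__main__":
    print("shared firmware DEK  :", cross_enclosure_readable(True))
    print("per-device random DEK:", cross_enclosure_readable(False))
```

From the outside both designs behave identically for the owner, which is why the difference only shows up when the key handling can be inspected or a drive is tested in a second unit.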
Analogue is better than digital. Hardware is better than software. Also you have to read about and study the hardware fairly well before choosing the product. Those products you list all suck. The Aegis Padlock Pro does not have those problems by design.
Truecrypt is a software encryption implementation. Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs; one bug in any implementation and it's broken. Side channels also can defeat software trivially. Software also isn't usually good at generating entropy so you won't have a good source of that either. Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor.
But that's not equivalent to having a backdoor to the device. If I catch a courier, who never knew the key code, no prison, gun or court order will do me any good. With a backdoor, however...
What about fake back doors? How do you determine which back door is the real door?
This is not true -- in many circumstances, a judge can hold you in contempt of court for not revealing an encryption key, and you can sit in jail indefinitely until you cooperate. This is especially true if the encrypted information you have the password to gives evidence against someone else, not yourself, which the 5th amendment does not protect against.
That is exactly right. But if you don't give up the key they can call you a terrorist and not have to deal with that.
Court orders won't work in the USA as you can always plead the fifth in the United States.
Where court orders won't work, rogue agents and vigilantes do. With enough pressure on you and your family you'll give them the unlock code eventually.