In the British Police-State, that is not possible, unless the journalist is willing to go to prison for failing to disclose an encryption password. Forget about "plausible deniability", that is for kids and morons. It does not work in practice.
The time to protect essential freedoms in Britain is past, and the battle (pathetic though as it has been) is lost. Anybody now trying to protect itself will just be classified as a "terror supporter" and that is it. Expect concentration camps to be opened soon.
And it needs somebody that is responsible if this oversight fails and that goes to jail. In the US system that would be the task and responsibility of the prosecutor as it is his/her evidence.
Thank you. I recently started working with a student that kept insisting you can produce good code in Java and was able to demonstrate it. Made me re-think the problem. It may be that Java just became popular at a time where a lot of people entered the coding business for all the wrong reasons.
Democracy was long viewed as an effective deterrent to totalitarianism. Unfortunately, those of a fascist leaning have now found an effective way around it:
1. Establish it slowly 2. Keep the population in fear so they sign off on anything 3. Make sure voters have no real alternatives
We are heading towards a fascist world order. Slowly this time, but with no real opposition unlike last time.
I agree. However anybody that knows only one language is basically incompetent. The Java-bunch just seems the worst of the lot, for whatever reasons. Maybe it is that Java has so much tool-support and so many libraries that even the most incompetent coder can produce something.
Well, being AC is certainly the new stupid (same as the old one). My statement is from experience, such as in external code reviews. Java code, without doubt, takes the crown for most badly written code in general, rare exceptions non-withstanding.
Well, fortunately I returned my STEAM copy. Come to think of it, the Batmobil got on my nerves pretty soon in addition to the graphics breaking immersion all the time. Will not buy again. Well, maybe a $5 nice-price in a few years.
For modern BASIC (in particular no line numbers, only limited global variables, functions, no GOTO or one you do not usually need, etc.), I agree. For classical BASIC, I fully and completely agree with Djikstra. It is an abomination and exposing people to it hurts them. I was fortunately to recognize it as bad when I bough a C64 way back and moved on to a pretty good macro assembler.
Yea, well. And if people that do not understand efficiency and effectiveness, you get things like "laws", "processes", "forms", etc. that are complicated, unclear, dog slow, solve the wrong problem and generally are of massive negative worth because of the way they are done. So a course focused of efficiency, effectiveness, clarity, etc. would get my vote. Of course that would need to span all of education. And you would have to sack most teachers, as they cannot do well in this domain.
Most suck, but there are some that make the language work well. Makes me think not Java is broken, but all these people producing really bad code with it are.
Seriously, stop listening to these cretins. They give you fairy-tales and other stupid stuff they believe in. They do not give anything of any worth, but drown out people with an actual clue of what is possible and what not and how long things can be expected to take.
They do not. Really not. That would be a catastrophe waiting to happen. (Then, we still have enough nukes at the ready to destroy the planet several times over, so that may not be much of a deterrent.) But it seems highly unlikely that they can break modern crypto like AES or indeed any of the other finalists for a number of reasons. In addition, the continued failure to force companies to make their software more secure does deliver a host of vulnerabilities all the time. I am not sure this is an accident.
Probably the only real problem with democracy is that most voters are morons, but more so, most politicians are morons and with all shreds of personal honor, integrity or morality removed.
David Cameron made a speech. He said the government wants it to be impossible for terrorists to hide from the security services.
And that is the problem right there: The only environment where that even gets close to the truth is extreme Fascism. If there is even a bit of personal freedom left, terrorists can hide. Hence even extreme Fascism offers some possibilities for terrorists to hide, so you have to have things like concentration camps, wars and famines to keep them otherwise occupied. But remember all those people that hid Jews in the 3rd Reich? All these qualify as "terrorists" in the convoluted mind-set of Cameron and he wants such deeds to be made impossible.
In the end, Cameron and his ilk want to remove all personal freedoms and have any action, and if possible, any thought by a citizen be subject to review by "the authorities".
While I agree on the sentiment, such a cancer can spread. Remember that Hitler was voted into office. (With a minority of votes, but still the largest share.)
Something needs to be intentionally broken if they can intercept and decrypt communications. That is a "compromise" of the security of the app, but it is not a backdoor, which is a command and control interface into the app. Intercepting and decrypting communication can be done by weaknesses in the Architecture, design and implementation, but may not require contacting the app at all.
The distinction is purely technical though, the result is the same: A broken product that endangers its users.
Well, not really, although it has the same effect. Weak keys, weak crypto, etc. all serve that purpose. I also have a nagging suspicion that legal approaches to make companies write more secure code are delayed or squashed in order to allow the GCHQ (and others of the same fundamental evil disposition) to continue to indulge their peeping habits.
This is really the best of both worlds: Force backdoors (which are insecure, of course) in there, but make it right again forcing the people involved to lie about it. Everybody that does not comply is obviously a terrorist and will go into an isolation cell in prison for his remaining lifetime.
In particular the British administration is lying habitually and pathologically and nothing they say can be trusted.
While these approaches all sound nice in theory, they are unworkable or mostly worthless in practice for the type of software under discussion here.
I have done such audits. You get 5 days to review 1000 lines of badly structured and undocumented code. In the end you conclude "no obvious backdoors or vulnerabilities", the vendor is off the hook and the code still sucks. And point 4? Until people doing the code are actually paid wages that attract those that can do it, forget it. Methodologies are vastly overrated. What makes the result good is that bad engineers usually cannot follow the methodology and get weeded out. But it is not the methodology that makes the code good, it is the people creating it.
That is what makes open-sourcing the code the only viable option at this time, unless a lot of money can be thrown at making the code secure. The latter is not the case in most scenarios.
Your aerospace example incidentally has another aspect that makes it non-general: Little change and a very well defined problem. Also, basically security by isolation, so the by far most difficult property of good code (security) is irrelevant in aerospace. Also refer to the Ariane IV first launch (800 Million Euro losses), Mars Climate Orbiter (160 Million USD loss), and others. No, aerospace code is not that good.
That one is true even in budding fascism as the British now clearly have.
In the British Police-State, that is not possible, unless the journalist is willing to go to prison for failing to disclose an encryption password. Forget about "plausible deniability", that is for kids and morons. It does not work in practice.
The time to protect essential freedoms in Britain is past, and the battle (pathetic though as it has been) is lost. Anybody now trying to protect itself will just be classified as a "terror supporter" and that is it. Expect concentration camps to be opened soon.
And it needs somebody that is responsible if this oversight fails and that goes to jail. In the US system that would be the task and responsibility of the prosecutor as it is his/her evidence.
Thank you. I recently started working with a student that kept insisting you can produce good code in Java and was able to demonstrate it. Made me re-think the problem. It may be that Java just became popular at a time where a lot of people entered the coding business for all the wrong reasons.
Hehehehe, nice!
Democracy was long viewed as an effective deterrent to totalitarianism. Unfortunately, those of a fascist leaning have now found an effective way around it:
1. Establish it slowly
2. Keep the population in fear so they sign off on anything
3. Make sure voters have no real alternatives
We are heading towards a fascist world order. Slowly this time, but with no real opposition unlike last time.
I agree. However anybody that knows only one language is basically incompetent. The Java-bunch just seems the worst of the lot, for whatever reasons. Maybe it is that Java has so much tool-support and so many libraries that even the most incompetent coder can produce something.
Well, being AC is certainly the new stupid (same as the old one). My statement is from experience, such as in external code reviews. Java code, without doubt, takes the crown for most badly written code in general, rare exceptions non-withstanding.
You seem to have no clue about the features that a good macro-assembler offers. It is vastly superior to BASIC.
Well, fortunately I returned my STEAM copy. Come to think of it, the Batmobil got on my nerves pretty soon in addition to the graphics breaking immersion all the time. Will not buy again. Well, maybe a $5 nice-price in a few years.
For modern BASIC (in particular no line numbers, only limited global variables, functions, no GOTO or one you do not usually need, etc.), I agree. For classical BASIC, I fully and completely agree with Djikstra. It is an abomination and exposing people to it hurts them. I was fortunately to recognize it as bad when I bough a C64 way back and moved on to a pretty good macro assembler.
Yea, well. And if people that do not understand efficiency and effectiveness, you get things like "laws", "processes", "forms", etc. that are complicated, unclear, dog slow, solve the wrong problem and generally are of massive negative worth because of the way they are done. So a course focused of efficiency, effectiveness, clarity, etc. would get my vote. Of course that would need to span all of education. And you would have to sack most teachers, as they cannot do well in this domain.
Most suck, but there are some that make the language work well. Makes me think not Java is broken, but all these people producing really bad code with it are.
Seriously, stop listening to these cretins. They give you fairy-tales and other stupid stuff they believe in. They do not give anything of any worth, but drown out people with an actual clue of what is possible and what not and how long things can be expected to take.
I don't think he ever had it in the first place...
They do not. Really not. That would be a catastrophe waiting to happen. (Then, we still have enough nukes at the ready to destroy the planet several times over, so that may not be much of a deterrent.) But it seems highly unlikely that they can break modern crypto like AES or indeed any of the other finalists for a number of reasons. In addition, the continued failure to force companies to make their software more secure does deliver a host of vulnerabilities all the time. I am not sure this is an accident.
Probably the only real problem with democracy is that most voters are morons, but more so, most politicians are morons and with all shreds of personal honor, integrity or morality removed.
+1000000, insightful. Sorry, no mod points. (Time to start reading those classics again. They become more and more relevant, unfortunately.)
David Cameron made a speech. He said the government wants it to be impossible for terrorists to hide from the security services.
And that is the problem right there: The only environment where that even gets close to the truth is extreme Fascism. If there is even a bit of personal freedom left, terrorists can hide. Hence even extreme Fascism offers some possibilities for terrorists to hide, so you have to have things like concentration camps, wars and famines to keep them otherwise occupied. But remember all those people that hid Jews in the 3rd Reich? All these qualify as "terrorists" in the convoluted mind-set of Cameron and he wants such deeds to be made impossible.
In the end, Cameron and his ilk want to remove all personal freedoms and have any action, and if possible, any thought by a citizen be subject to review by "the authorities".
While I agree on the sentiment, such a cancer can spread. Remember that Hitler was voted into office. (With a minority of votes, but still the largest share.)
Something needs to be intentionally broken if they can intercept and decrypt communications. That is a "compromise" of the security of the app, but it is not a backdoor, which is a command and control interface into the app. Intercepting and decrypting communication can be done by weaknesses in the Architecture, design and implementation, but may not require contacting the app at all.
The distinction is purely technical though, the result is the same: A broken product that endangers its users.
Well, not really, although it has the same effect. Weak keys, weak crypto, etc. all serve that purpose. I also have a nagging suspicion that legal approaches to make companies write more secure code are delayed or squashed in order to allow the GCHQ (and others of the same fundamental evil disposition) to continue to indulge their peeping habits.
This is really the best of both worlds: Force backdoors (which are insecure, of course) in there, but make it right again forcing the people involved to lie about it. Everybody that does not comply is obviously a terrorist and will go into an isolation cell in prison for his remaining lifetime.
In particular the British administration is lying habitually and pathologically and nothing they say can be trusted.
I have. But that type is not within the financial means of most projects, hence the meaningless ElCheapo version.
While these approaches all sound nice in theory, they are unworkable or mostly worthless in practice for the type of software under discussion here.
I have done such audits. You get 5 days to review 1000 lines of badly structured and undocumented code. In the end you conclude "no obvious backdoors or vulnerabilities", the vendor is off the hook and the code still sucks. And point 4? Until people doing the code are actually paid wages that attract those that can do it, forget it. Methodologies are vastly overrated. What makes the result good is that bad engineers usually cannot follow the methodology and get weeded out. But it is not the methodology that makes the code good, it is the people creating it.
That is what makes open-sourcing the code the only viable option at this time, unless a lot of money can be thrown at making the code secure. The latter is not the case in most scenarios.
Your aerospace example incidentally has another aspect that makes it non-general: Little change and a very well defined problem. Also, basically security by isolation, so the by far most difficult property of good code (security) is irrelevant in aerospace. Also refer to the Ariane IV first launch (800 Million Euro losses), Mars Climate Orbiter (160 Million USD loss), and others. No, aerospace code is not that good.