n an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout "illegible."
from TFA:....But Lavabit offered paying customers a secure email service that stores incoming messages encrypted to a key known only to that user. Lavabit itself did not have access.
If this is true, then how could Lavabit also have done the following?
Lavabit offered an alternative method to tap into the single user in question but...
Either they could access the data or they couldn't.
Before committing to anything you might want to read this
follow up post.Apparently there are titles shown in the library that may not actually be available in your geolocation. In addition, you won't find out about that until you actually try to open the book. It's really quite disingenuous of them to show you books and let you add them to your library, when they clearly later know that those titles are not available to you for actual reading.
On the other hand, please take a look at the history of
differential cryptanalysis. The NSA was quite ahead of academia on that one. My own research back in those days demonstrated that the substitution boxes had been chosen with very specific characteristics. The same holds true for elliptic curves, where the curve chosen must have specific properties. Whether we know what all of those properties are though is still undecided, We know what makes a weak curve, but do we know what makes a strong one?
even software alone consist of so many layers ( from the spreadsheet software program that we use, to the device drivers, the OS, to the embedded firmwares residing inside the chips, to the myriad mix of software that keep the Net humming.
Don't forget the compilers and linkers that build the software. The source may look fine, but where did the compiler come from?
Chris Roberts, who created the well-known Wing Commander series in 1990, managed to raise millions of dollars on Kickstarter last fall for his upcoming Star Citizen, eventually collecting so much money from individual backers that he could return the budget he'd taken from "formal" investment firms. "Even nice investors, they want a return at some point. They have a slightly diff agenda than I do," Roberts told Slashdot. "My agenda is to build the coolest game possible."
Herein lies the difference. Kickstarter backers are not seen as actual investors in the project by the project owners, but rather as a way to informally fund games that the developers want to work on without feeling like there is any real obligation to those who funded it. To paraphrase what Chris Roberts stated, he couldn't care less if it ever makes any money as long as he gets to build the "coolest game possible". Without the incentive/pressure of investors looking for a return however, there will always be "just one or two more things" to finish up and the game will never actually get released.
It would be so fun to see this argument play out in court.
It would be fun for about the first five minutes. The next twelve hours would be pure hell as lawyers try to explain to the jury what a reference frame is. Keep in mind that both groups still have VCRs that blink 12:00.
Can you give a glimpse at the process this requires? I assume it has to be algorithmic in some way but it's still baffling to me how it's done. What sort of errors happen?
Install Firefox. And if Firefox adopts it, patch and rebuild it.
This. Google can develop all of the proprietary shit it likes, but if it only works in Chrome then all they will manage to to is kill Chrome in the marketplace.
This of course permits the NSA to do a classic Man-In-The-Middle attack. They give your browser the fake certificate chain and a copy of the website login page, you type things in, they decrypt them, and use them to log in to the real website, they get the results back from the real website, re-encrypt them with the fake certificate chain, and send them back to you. As far as you know you're using the real website, as far as the website server knows they're speaking with a normal browser, but the NSA is capturing everything either side transmits in clear text and can inject fake content in either direction whenever they want.
This is why there are browser addons such as
Perspectives
which allow you to verify the certificate and will notify you if a certificate's signature changes at any time.
Developers might also want to take note of the following:
Warning: The current Google Cast SDK is a preview SDK intended for development and testing purposes only, not for production apps. Google may change this SDK significantly prior to the official release of the Google Cast SDK.
Actually it does matter a great deal. A key difference is what happens to the money if the project is not funded to the goal level. On kickstarter if the project misses its goal, no money changes hands. On indiegogo campaigns can be set up as "Flexible Funding" and the hosts get whatever is pledged (minus 9% for fees).
On Kickstarter, a project must reach its funding goal before time runs out or no money changes hands. Why? It protects everyone involved. This way, no one is expected to develop a project with an insufficient budget, which sucks. Remember you set your own funding goal, so aim to raise the minimum amount you'll need to create your vision. Projects can always raise more than their goal, and often do.
If your campaign is set up as Flexible Funding, you will be able to keep the funds you raise, even if you don't meet your goal. If your campaign is set up as Fixed Funding, all contributions will be returned to your funders if you do not meet your goal. Flexible Funding campaigns that meet their goal are only charged 4% as our platform fee, whereas campaigns that do not meet their goal are charged 9%.
There is no longer term advantage to an apartment.
The people who bought houses six years ago aren't seeing any longer term advantage either. If they hold on to it for another ten years or so the value may climb back to 80% of what they paid for it. If they're lucky.
... and limit (either through new laws or good judicial common sense) tracking by law enforcement to the same sorts of situations in which they would otherwise install a GPS tracker on your car.
Hell no! Based on recent events I would want a lot more protection that just this.
Slashdot Mirror
So lets keep everything equally dumb, right?
Reminds me of a certain Kurt Vonnegut Jr. Novel.
n an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout "illegible."
Well played. Futile, but well played anyway.
from TFA: ....But Lavabit offered paying customers a secure email service that stores incoming messages encrypted to a key known only to that user. Lavabit itself did not have access.
If this is true, then how could Lavabit also have done the following?
Lavabit offered an alternative method to tap into the single user in question but ...
Either they could access the data or they couldn't.
Before committing to anything you might want to read this follow up post.Apparently there are titles shown in the library that may not actually be available in your geolocation. In addition, you won't find out about that until you actually try to open the book. It's really quite disingenuous of them to show you books and let you add them to your library, when they clearly later know that those titles are not available to you for actual reading.
On the other hand, please take a look at the history of differential cryptanalysis. The NSA was quite ahead of academia on that one. My own research back in those days demonstrated that the substitution boxes had been chosen with very specific characteristics. The same holds true for elliptic curves, where the curve chosen must have specific properties. Whether we know what all of those properties are though is still undecided, We know what makes a weak curve, but do we know what makes a strong one?
even software alone consist of so many layers ( from the spreadsheet software program that we use, to the device drivers, the OS, to the embedded firmwares residing inside the chips, to the myriad mix of software that keep the Net humming.
Don't forget the compilers and linkers that build the software. The source may look fine, but where did the compiler come from?
Or will hot air prevail on Capitol Hill? (Insert your methane joke here.)"
FTFY
Chris Roberts, who created the well-known Wing Commander series in 1990, managed to raise millions of dollars on Kickstarter last fall for his upcoming Star Citizen, eventually collecting so much money from individual backers that he could return the budget he'd taken from "formal" investment firms. "Even nice investors, they want a return at some point. They have a slightly diff agenda than I do," Roberts told Slashdot. "My agenda is to build the coolest game possible."
Herein lies the difference. Kickstarter backers are not seen as actual investors in the project by the project owners, but rather as a way to informally fund games that the developers want to work on without feeling like there is any real obligation to those who funded it. To paraphrase what Chris Roberts stated, he couldn't care less if it ever makes any money as long as he gets to build the "coolest game possible". Without the incentive/pressure of investors looking for a return however, there will always be "just one or two more things" to finish up and the game will never actually get released.
It would be so fun to see this argument play out in court.
It would be fun for about the first five minutes. The next twelve hours would be pure hell as lawyers try to explain to the jury what a reference frame is. Keep in mind that both groups still have VCRs that blink 12:00.
And Mrs. Sham was out shopping with friends.
Really? Mrs. Sham? Wow.
For those who might be interested, here is a link to the ordnance survey page where they describe the process used to create the map.
Can you give a glimpse at the process this requires? I assume it has to be algorithmic in some way but it's still baffling to me how it's done. What sort of errors happen?
Absolutely. You can find a good explanation here.
Install Firefox. And if Firefox adopts it, patch and rebuild it.
This. Google can develop all of the proprietary shit it likes, but if it only works in Chrome then all they will manage to to is kill Chrome in the marketplace.
Like anyone is using their real MAC address anyway.
Where're(sic) the prosecutors with the balls to hold the watchers accountable?
They've all been sent mp3s of their latest phone calls to their bookie/mistress/whatever as a reminder.
This of course permits the NSA to do a classic Man-In-The-Middle attack. They give your browser the fake certificate chain and a copy of the website login page, you type things in, they decrypt them, and use them to log in to the real website, they get the results back from the real website, re-encrypt them with the fake certificate chain, and send them back to you. As far as you know you're using the real website, as far as the website server knows they're speaking with a normal browser, but the NSA is capturing everything either side transmits in clear text and can inject fake content in either direction whenever they want.
This is why there are browser addons such as Perspectives which allow you to verify the certificate and will notify you if a certificate's signature changes at any time.
How do I moderate an article as off topic?
If you are interested in Pat Cadigan's novella, the preview / kindle sample of "edge of Infinity" includes the complete story. It can be found here.
You're going to need a bigger printer.
An undocumented API has changed. Now can we stop overreacting?
How is the API undocumented?
Developers might also want to take note of the following:
Warning: The current Google Cast SDK is a preview SDK intended for development and testing purposes only, not for production apps. Google may change this SDK significantly prior to the official release of the Google Cast SDK.
*Indiegogo. Whatever.
Actually it does matter a great deal. A key difference is what happens to the money if the project is not funded to the goal level. On kickstarter if the project misses its goal, no money changes hands. On indiegogo campaigns can be set up as "Flexible Funding" and the hosts get whatever is pledged (minus 9% for fees).
From the Kickstarter page:
Why is Kickstarter funding all-or-nothing?
On Kickstarter, a project must reach its funding goal before time runs out or no money changes hands. Why? It protects everyone involved. This way, no one is expected to develop a project with an insufficient budget, which sucks. Remember you set your own funding goal, so aim to raise the minimum amount you'll need to create your vision. Projects can always raise more than their goal, and often do.
From the Indiegogo FAQ
What if I don't reach my funding goal?
If your campaign is set up as Flexible Funding, you will be able to keep the funds you raise, even if you don't meet your goal. If your campaign is set up as Fixed Funding, all contributions will be returned to your funders if you do not meet your goal. Flexible Funding campaigns that meet their goal are only charged 4% as our platform fee, whereas campaigns that do not meet their goal are charged 9%.
There is no longer term advantage to an apartment.
The people who bought houses six years ago aren't seeing any longer term advantage either. If they hold on to it for another ten years or so the value may climb back to 80% of what they paid for it. If they're lucky.
"So this is how liberty dies: with thunderous applause."
Senator Padme Amidala
That's a pretty good assumption since all of the files end in .aes256.torrent.
... and limit (either through new laws or good judicial common sense) tracking by law enforcement to the same sorts of situations in which they would otherwise install a GPS tracker on your car.
Hell no! Based on recent events I would want a lot more protection that just this.