Pope got it this year. Don't worry. Snowden has many years left of data to slowly release. Unless he gets offed, in which case everything comes out right away.
The $10M is just to compromise the order of the preferred algorithm to use. That this was insecure was blatantly obvious, and the MS researchers pretty much proved it right away.
Next year, we'll find out the real number they paid to compromise the other supposedly secure algorithms.
Not just this. 1) The rag was left out in the sun. 2) There's no temperature gauge, so you can't tell if it's 0F or 110F. 3) There's some kind of unnatural glare going on. It could just be the rag is soaked with so much oil that it's outright reflecting the sunlight, but not knowing how the rag was prepared, I wonder if there's something say, concentrating the sunlight.
While spontaneous combustion is pretty cool to see, the reliabilty of this video is questionable.
Different people use it differently (read: incorrectly), but it effectively means extra value that's not provided by the material goods or unrelated to the advertised service. The extra value is usually perceived by the buyer, but not always real.
So value added for buying a Mac might be not having to worry about viruses. It's not necessarily true, but it's perceived as truth.
There has to be a benefit somewhere. Most people don't just shell out money for their principles, and especially not something as vague and terrifying as freedom. There's perceived value in using Linux (no Microsoft lock-in, potential security issues, etc.), but if that means having to give up watching Netflix, then people will choose Netflix and buy a Windows or Apple machine.
There's a market for truly secure though. There's a very big market in fact.
The NSA has been heavily monitoring Internet traffic since the 90s
Contrast that with today, where the NSA is actively storing all internet traffic and data mining it later. I could be wrong (it's the NSA after all), but I bet the scope of their operations did not extend to storing and retroactively data mining all internet traffic in the 90's. Perhaps they were storing information on certain key individuals that their monitoring software flagged, but not everybody's.
Admittedly, these programs have been around since the early 2000's and there's been whispers of it in that time period, but while those were rumors then, now there is evidence.
No, no it's not missed. What tends to be missed is that the needs of the content creator are different from the needs of the content consumer. Nerds, being almost exclusively content creators (i.e. the nerdier, the more significant the creations), find it difficult to understand the needs of the content consumer and see little value in appeasing it.
It's not wrong or bad, just how many of us see the world. On the flip side, people who primarily consume content do the exact same things. They can't understand why anyone wouldn't want something like a walled garden to keep them safe.
But let's say Apple's shitting gold. Eating their poop might not be such a bad idea, especially if you have the tenacity to wait for it to come back out the other end.
I'm no expert in the field, but my understanding is that there are several models of network security based on real-world notions of security.
VPN is a part of your traditional wall security, where your typical authentication and authorization happens at each level of security zone. Once you're in, you can do anything the zone permits you to do. VPN is, as stated by others, placed at the perimeter.
BTW, full internal company-wide encryption just means putting the secure zones under a roof so no one flying overhead can see what's going on from above (e.g. big brother).
Another model of security relies on negative feedback. There are no locks anywhere, and no one has keys, but missteps have consequences. That's the security model most modern governments employ against their citizens. The levels of surveillance, strictness of the deeds, and harshness of the punishment determine the repressiveness of the model. The level of security is proportional to the amount of monitoring (a place like prison being maximum security).
There are other models, I'm certain, but like I said, I'm no expert. These are the two more prevalent ones out there right now.
Zero trust is completely different. It's almost like a double-blind experiment. There's no trust anywhere. Not the users/developers, not the administrators, not the auditors, not anyone. Authentication is fundamentally a trust-building mechanism, and a zero-trust model means authentication is obsolete (remember, encryption is merely erecting a roof over everything). Anyone can get in and do all the same things. The only difference is in the domain knowledge of the actors, which differenciates those able to do more things from less things if anything at all.
A rather dirty analogy of zero trust would be hosting an open project on Github. Anyone can go in and make modifications, but only those who know the code could make modifications that do meaningful work. And then, of the people building the code and running it, only those who who possess the ability to verify the modifications would know that they're not harmful specifically for their use cases.
Another analogy of zero trust would be to have an open e-mail account. There's no guarantees the sender is represented by the name. Every e-mail is assumed to have been read by anyone capable of entering the system. (Changing or deleting e-mails can be universally prohibited.) Such an account would be mostly useful for communications of metadata information, i.e. where and when to meet, and trivial matters.
I don't think Google's gone quite that far with their security model. They may have gotten rid of the VPN (or not...), but there are still SSH keys used for authentication and authorization, and users still need to log in to their machine to use it. After all, zero trust implies that even we the ultimate end users can't trust what's coming out of Google to be accurate (assuming that we could before--that's another debate for another time). And I don't think Google wants to make that impression.
It may be that they started with a zero-trust model, and identified the areas where trust is unnecessary, which they left insecure. At the same time, they also identified where trust is absolutely necessary, as well as the level of trust that's appropriate, and put up the necessary strength of walls to secure them, as well as levels of monitoring to see who's entering different zones. That sounds far more reasonable to me, especially considering the amount of trade and other secrets Google is holding onto.
Besides YouTube, is there any ability that javascript and cookies give for your other purposes that SSL and regular plain old HTML doesn't?
And I gotta say, watching YouTube is a much poorer activity than reading news websites. Sorry, I remember when I was able to download the embedded videos I wanted to watch, and watch it on the player of my choice.
That's what happens when you have the perfect trifecta of greedy companies, lazy developers, and uneducated users. It's kind like the U.S. government right now.
One of the biggest issues is that we don't even have ballpark numbers for what the parameters for this should be. We have some of the parameters figured out. But 1) they're based on analysis on our own history and 2) you and people who think like you are not taking some very crucial bits into account.
I want to challenge one of your positions that you've mostly glossed over, and that is that once a civilization has expanded beyond its home planet, its years of existence automatically increases significantly. First of all, what is significant? One order of magnitude? Two orders? Human civilization (proper civilization) has existed for around 10K years. Two orders of magnitude puts it at 1M years. That's a drop in the bucket compared to the 14-18B years (minus 15 million) of the livable universe. What are the chances of multiple civilizations surviving for ~1M years meeting? What are the chances of them continuing to survive past the point when they meet? The assumption of one or two orders of magnitude is predicated on the civilization not immediately being wiped out by some neighboring advanced civilization.
Now, I'm going to challenge that two orders of magnitude statement a little further. Look at human migration out of Africa as an example. The genetic diversity of all the humans in the rest of the world pales in comparison to the diversity of the population currently in Africa. All it takes is for one bad virus (like an airborne ebola with a two week incubation period), and the only people left on this planet will be living in Africa. Do you really think this won't be the case for when humans move off the third rock? I'm going to posit that genetic diversity among the populartion of any theoretical interstellar colonies will be significantly less than the diversity found outside of Africa now, by about the same order. Those settlements are going to be genetically fragile in the long run. In fact, I posit that as a space-faring civilization continues to age, its overall genetic diversity, irrespective of whether the home planet remains habitable or not, will continue to decline. That's assuming natural genetic aging and excluding artificial factors like war.
Eventually, that civilization will utterly cease to exist, leaving behind dead, non-communicating artifacts that will also inevitably cease to be. Just think, we're digging up all these dinosaur bones right now. In a hundred million years, when humans are not around, what will there be left for that next intelligent species to discover?
Therefore, I think one order of magnitude would be a more realistic number than two for the increased lifetime of a civilization that's reached space. For us, that might be somewhere around 2-500K years should it happen.
See, most people think once humans are able to colonize other planets, we're set, humanity as a race somehow becomes immortal. I think, just as civilizations rise and fall, complex life forms rise and fall. There is no immortality, be it personal or societal. It is merely wishful thinking to believe otherwise.
So the fact that we're not meeting other intelligent species out there would not be too surprising. The chances of two space-faring civilizations arising at almost precisely the same time (because in universal time scales, a 100K-year difference is less than a blink of an eye) are almost nil.
If anything, if we ever end up on other planets, we might eventually find some remnants of other space-faring civilizations past. The remnants may, and necessarily at that, be superior to humanity's then-present technology. But we most likely won't find any living remnants. And to make matters worse, we won't find anything on any homeworld(s), because if humans are any indication, they'd have stripped their world bare before leaving it. That is, assuming that their civilization's remains haven't completely decomposed before we get to it. But chances are, I think we'll see scars at worse, like
The greater the complexity in a system, the greater points of failure. All this movement of processing onto the client just leads to more client side security holes. HTML5 is so complex, there are so many potential points of attack, it is the NSA's wet dream to have all browsers compete on implementing it fully. If Firefox 17 had 0-days that the NSA could use to attack TOR (yeah yeah, it was the FBI, I completely believe that it wasn't a crumb the NSA gave them), I imagine a fully HTML5 compliant Firefox XX will have enough 0-days out there to keep the NSA stringing the FBI along for another century or two. (As as aside, the NSA, on the other hand, has taken a wholistic approach to breaking encryption; they record everything and figure once they manage to get a quantum computer working in about 5-10 years, they'll be able to decrypt all of it in one shot.)
Where can one find a browser that just displays marked up, laid out content that implement the latest security protocols these days?
Sorry, if you want guns to be ubiquitious, then the training for how to properly handle it should also be ubiquitious.
I really wouldn't mind living in a society where every individual was a well-trained sharpshooter. In fact, that's one of our founding principles. I would mind a bunch of idiots or uneducated individuals possessing more firepower than they can intellectually be responsible for. That is a scary world, knowing that the chances of your and your kids' death just by being at the wrong place at the wrong time skyrockeeted due to everyone suddenly possessing firearms but lacking equally in sense on when to use or even display it.
What was that line again? Oh yeah. With great power comes great responsibility. Unfortunately, our society is shedding personal responsibility. Do you really think giving great power to these same individuals is really a good idea?
Nixon thought that with his unprecedented public support and with Hoover finally dead, he'd be in the clear to appoint whomever he wanted as the next head of FBI.
Of course, the genie can be put back in the bottle -- locked down devices can prevent code that hasn't been vetted to run, and on desktops, mandatory DRM stacks would ensure the laws are enforced regardless of borders.
No, sorry, it can't. There's currently enough technological excellence in other parts of the world that they can design and build unlocked general purpose computers for fairly cheap without U.S. involvement.
The only reason why people pay attention to U.S. laws is because of the strength of U.S. consumers. The U.S. spends and spends. It's a special market unto itself because of how much spending people do, and as a consequence, how competitive the landscape is for those consumer dollars. The money doesn't come from nowhere though. The U.S. has enormous amounts of natural resources to exploit, including a very low overall population density, a habitable climate, and a stable society seen practically nowhere else.
If it becomes more profitable to entirely ignore the U.S. market though, people will stop catering to the U.S. laws and regulations. This can be brought about in a multitude of ways, but one way that's already in progress is the loss of the middle class and thus the loss of total consumer spending power.
That'll be the only way things can return to sanity here; after economic intimidation from other countries.
Slashdot Mirror
Edward Snowden for man of the year.
Pope got it this year. Don't worry. Snowden has many years left of data to slowly release. Unless he gets offed, in which case everything comes out right away.
The $10M is just to compromise the order of the preferred algorithm to use. That this was insecure was blatantly obvious, and the MS researchers pretty much proved it right away.
Next year, we'll find out the real number they paid to compromise the other supposedly secure algorithms.
That's pretty good considering I look outside my window and I see no stars. Either the sky or my eyes must not be real.
The only thing such a big Bertha can't plow through would be the leftover remains of a long-buried Krogoth.
Not just this.
1) The rag was left out in the sun.
2) There's no temperature gauge, so you can't tell if it's 0F or 110F.
3) There's some kind of unnatural glare going on. It could just be the rag is soaked with so much oil that it's outright reflecting the sunlight, but not knowing how the rag was prepared, I wonder if there's something say, concentrating the sunlight.
While spontaneous combustion is pretty cool to see, the reliabilty of this video is questionable.
I have no idea what "value added" means
Different people use it differently (read: incorrectly), but it effectively means extra value that's not provided by the material goods or unrelated to the advertised service. The extra value is usually perceived by the buyer, but not always real.
So value added for buying a Mac might be not having to worry about viruses. It's not necessarily true, but it's perceived as truth.
There has to be a benefit somewhere. Most people don't just shell out money for their principles, and especially not something as vague and terrifying as freedom. There's perceived value in using Linux (no Microsoft lock-in, potential security issues, etc.), but if that means having to give up watching Netflix, then people will choose Netflix and buy a Windows or Apple machine.
There's a market for truly secure though. There's a very big market in fact.
It's cold. Wear a ski mask and hood or something else that'll cover just about everything except your eyes...
Then they'll have to use gait analysis to find you. And that'd be some story to tell in jail.
More importantly, will it also keep away fire deer and earth bears?
They're probably not found in twinkies.
It's called getting defensive and slipping in a freudian way.
The NSA has been heavily monitoring Internet traffic since the 90s
Contrast that with today, where the NSA is actively storing all internet traffic and data mining it later. I could be wrong (it's the NSA after all), but I bet the scope of their operations did not extend to storing and retroactively data mining all internet traffic in the 90's. Perhaps they were storing information on certain key individuals that their monitoring software flagged, but not everybody's.
Admittedly, these programs have been around since the early 2000's and there's been whispers of it in that time period, but while those were rumors then, now there is evidence.
No, no it's not missed. What tends to be missed is that the needs of the content creator are different from the needs of the content consumer. Nerds, being almost exclusively content creators (i.e. the nerdier, the more significant the creations), find it difficult to understand the needs of the content consumer and see little value in appeasing it.
It's not wrong or bad, just how many of us see the world. On the flip side, people who primarily consume content do the exact same things. They can't understand why anyone wouldn't want something like a walled garden to keep them safe.
But let's say Apple's shitting gold. Eating their poop might not be such a bad idea, especially if you have the tenacity to wait for it to come back out the other end.
I'm no expert in the field, but my understanding is that there are several models of network security based on real-world notions of security.
VPN is a part of your traditional wall security, where your typical authentication and authorization happens at each level of security zone. Once you're in, you can do anything the zone permits you to do. VPN is, as stated by others, placed at the perimeter.
BTW, full internal company-wide encryption just means putting the secure zones under a roof so no one flying overhead can see what's going on from above (e.g. big brother).
Another model of security relies on negative feedback. There are no locks anywhere, and no one has keys, but missteps have consequences. That's the security model most modern governments employ against their citizens. The levels of surveillance, strictness of the deeds, and harshness of the punishment determine the repressiveness of the model. The level of security is proportional to the amount of monitoring (a place like prison being maximum security).
There are other models, I'm certain, but like I said, I'm no expert. These are the two more prevalent ones out there right now.
Zero trust is completely different. It's almost like a double-blind experiment. There's no trust anywhere. Not the users/developers, not the administrators, not the auditors, not anyone. Authentication is fundamentally a trust-building mechanism, and a zero-trust model means authentication is obsolete (remember, encryption is merely erecting a roof over everything). Anyone can get in and do all the same things. The only difference is in the domain knowledge of the actors, which differenciates those able to do more things from less things if anything at all.
A rather dirty analogy of zero trust would be hosting an open project on Github. Anyone can go in and make modifications, but only those who know the code could make modifications that do meaningful work. And then, of the people building the code and running it, only those who who possess the ability to verify the modifications would know that they're not harmful specifically for their use cases.
Another analogy of zero trust would be to have an open e-mail account. There's no guarantees the sender is represented by the name. Every e-mail is assumed to have been read by anyone capable of entering the system. (Changing or deleting e-mails can be universally prohibited.) Such an account would be mostly useful for communications of metadata information, i.e. where and when to meet, and trivial matters.
I don't think Google's gone quite that far with their security model. They may have gotten rid of the VPN (or not...), but there are still SSH keys used for authentication and authorization, and users still need to log in to their machine to use it. After all, zero trust implies that even we the ultimate end users can't trust what's coming out of Google to be accurate (assuming that we could before--that's another debate for another time). And I don't think Google wants to make that impression.
It may be that they started with a zero-trust model, and identified the areas where trust is unnecessary, which they left insecure. At the same time, they also identified where trust is absolutely necessary, as well as the level of trust that's appropriate, and put up the necessary strength of walls to secure them, as well as levels of monitoring to see who's entering different zones. That sounds far more reasonable to me, especially considering the amount of trade and other secrets Google is holding onto.
Besides YouTube, is there any ability that javascript and cookies give for your other purposes that SSL and regular plain old HTML doesn't?
And I gotta say, watching YouTube is a much poorer activity than reading news websites. Sorry, I remember when I was able to download the embedded videos I wanted to watch, and watch it on the player of my choice.
That's what happens when you have the perfect trifecta of greedy companies, lazy developers, and uneducated users. It's kind like the U.S. government right now.
It's better than auto-pay.
pretending it doesn't won't make it go away.
One of the biggest issues is that we don't even have ballpark numbers for what the parameters for this should be. We have some of the parameters figured out. But 1) they're based on analysis on our own history and 2) you and people who think like you are not taking some very crucial bits into account.
I want to challenge one of your positions that you've mostly glossed over, and that is that once a civilization has expanded beyond its home planet, its years of existence automatically increases significantly. First of all, what is significant? One order of magnitude? Two orders? Human civilization (proper civilization) has existed for around 10K years. Two orders of magnitude puts it at 1M years. That's a drop in the bucket compared to the 14-18B years (minus 15 million) of the livable universe. What are the chances of multiple civilizations surviving for ~1M years meeting? What are the chances of them continuing to survive past the point when they meet? The assumption of one or two orders of magnitude is predicated on the civilization not immediately being wiped out by some neighboring advanced civilization.
Now, I'm going to challenge that two orders of magnitude statement a little further. Look at human migration out of Africa as an example. The genetic diversity of all the humans in the rest of the world pales in comparison to the diversity of the population currently in Africa. All it takes is for one bad virus (like an airborne ebola with a two week incubation period), and the only people left on this planet will be living in Africa. Do you really think this won't be the case for when humans move off the third rock? I'm going to posit that genetic diversity among the populartion of any theoretical interstellar colonies will be significantly less than the diversity found outside of Africa now, by about the same order. Those settlements are going to be genetically fragile in the long run. In fact, I posit that as a space-faring civilization continues to age, its overall genetic diversity, irrespective of whether the home planet remains habitable or not, will continue to decline. That's assuming natural genetic aging and excluding artificial factors like war.
Eventually, that civilization will utterly cease to exist, leaving behind dead, non-communicating artifacts that will also inevitably cease to be. Just think, we're digging up all these dinosaur bones right now. In a hundred million years, when humans are not around, what will there be left for that next intelligent species to discover?
Therefore, I think one order of magnitude would be a more realistic number than two for the increased lifetime of a civilization that's reached space. For us, that might be somewhere around 2-500K years should it happen.
See, most people think once humans are able to colonize other planets, we're set, humanity as a race somehow becomes immortal. I think, just as civilizations rise and fall, complex life forms rise and fall. There is no immortality, be it personal or societal. It is merely wishful thinking to believe otherwise.
So the fact that we're not meeting other intelligent species out there would not be too surprising. The chances of two space-faring civilizations arising at almost precisely the same time (because in universal time scales, a 100K-year difference is less than a blink of an eye) are almost nil.
If anything, if we ever end up on other planets, we might eventually find some remnants of other space-faring civilizations past. The remnants may, and necessarily at that, be superior to humanity's then-present technology. But we most likely won't find any living remnants. And to make matters worse, we won't find anything on any homeworld(s), because if humans are any indication, they'd have stripped their world bare before leaving it. That is, assuming that their civilization's remains haven't completely decomposed before we get to it. But chances are, I think we'll see scars at worse, like
The real problem was that none of the aliens spoke English.
The greater the complexity in a system, the greater points of failure. All this movement of processing onto the client just leads to more client side security holes. HTML5 is so complex, there are so many potential points of attack, it is the NSA's wet dream to have all browsers compete on implementing it fully. If Firefox 17 had 0-days that the NSA could use to attack TOR (yeah yeah, it was the FBI, I completely believe that it wasn't a crumb the NSA gave them), I imagine a fully HTML5 compliant Firefox XX will have enough 0-days out there to keep the NSA stringing the FBI along for another century or two. (As as aside, the NSA, on the other hand, has taken a wholistic approach to breaking encryption; they record everything and figure once they manage to get a quantum computer working in about 5-10 years, they'll be able to decrypt all of it in one shot.)
Where can one find a browser that just displays marked up, laid out content that implement the latest security protocols these days?
Sorry, if you want guns to be ubiquitious, then the training for how to properly handle it should also be ubiquitious.
I really wouldn't mind living in a society where every individual was a well-trained sharpshooter. In fact, that's one of our founding principles. I would mind a bunch of idiots or uneducated individuals possessing more firepower than they can intellectually be responsible for. That is a scary world, knowing that the chances of your and your kids' death just by being at the wrong place at the wrong time skyrockeeted due to everyone suddenly possessing firearms but lacking equally in sense on when to use or even display it.
What was that line again? Oh yeah. With great power comes great responsibility. Unfortunately, our society is shedding personal responsibility. Do you really think giving great power to these same individuals is really a good idea?
At this point, I'm inclined to believe that this to be true, rather than it still being a mere possibility.
The question I have at this point is, who's really pulling the strings around here?
Nixon thought that with his unprecedented public support and with Hoover finally dead, he'd be in the clear to appoint whomever he wanted as the next head of FBI.
He was wrong.
Of course, the genie can be put back in the bottle -- locked down devices can prevent code that hasn't been vetted to run, and on desktops, mandatory DRM stacks would ensure the laws are enforced regardless of borders.
No, sorry, it can't. There's currently enough technological excellence in other parts of the world that they can design and build unlocked general purpose computers for fairly cheap without U.S. involvement.
The only reason why people pay attention to U.S. laws is because of the strength of U.S. consumers. The U.S. spends and spends. It's a special market unto itself because of how much spending people do, and as a consequence, how competitive the landscape is for those consumer dollars. The money doesn't come from nowhere though. The U.S. has enormous amounts of natural resources to exploit, including a very low overall population density, a habitable climate, and a stable society seen practically nowhere else.
If it becomes more profitable to entirely ignore the U.S. market though, people will stop catering to the U.S. laws and regulations. This can be brought about in a multitude of ways, but one way that's already in progress is the loss of the middle class and thus the loss of total consumer spending power.
That'll be the only way things can return to sanity here; after economic intimidation from other countries.