At this point, does it even matter? IPv6 is taking forever to adopt. By the time any new PRISM-proof standard gains any amount of traction, the NSA would have developed a new system to work around it. And that's assuming that the NSA hasn't sabotaged its efforts either by directly convincing the standard-writers to put in back doors, or indirectly by convincing companies not to adopt secure portions of the standards.
Communication has been, and always will be about trust. Without trust, no communication can take place.
Yes, but remember how many iterations of the iPod before they got it right. That circular interface wasn't so great while it was still a mechanical wheel with mechanical buttons underneath. Also, remember it was firewire+iTunes only for the longest time. Jobs initially wanted to lock iPod users to Apple users only.
The iPod had to do its time as a middling mp3 player. What really got it going was when it became a fashion statement. And then Jobs released the USB version and iTunes for Windows, and that's when it took off.
You can argue that IBM had always sold services to the enterprise. Mainframes built and deployed in the 60's are still running today, and IBM continues to support them like they did over 50 years ago.
The restructuring they did in the 90's was merely changing from a hardware-centric service model to a software+hardware model. That, and they cut their consumer devices division that was turning into a cancerous tumor.
Dell once had incredible enterprise support. For a while, they were known as the company to buy enterprise servers and workstations from. Then, they tried to branch into the consumer market and failed miserably. The razor-thin margins not only were unsustainable, but it also cost them both a chunk of the support infrastructure they had built for the enterprise, as well as their good name. That's where they went wrong, and where IBM did right twenty years earlier.
If this is the direction Michael Dell wants to take his company, then there's a chance of success. If he wants to compete with IBM in hardware+software services, then he's got no chance.
If a black hole generated by the LHC could grow to eat the earth, it probably would have happened already. The LHC is basically working at the same energies equal to cosmic rays striking the earth's atmosphere. You'd think that after 4.5 billion years of cosmic rays hitting things like this planet, the sun, the other planets, etc. that a black hole would be here by now.
Thus, based on our present existence and the existence of all these stars and other material out in space, either the black holes are not being generated, they do not exist long enough to be a threat, or the chances of it happening are low enough that it's not really worth considering. And that really is what it comes down to: it's not worth considering.
an unexpected UI change in office 2013
Did they backtrack on ribbon too? Well it's about time.
Because they're the biggest player on the internet. They're the easiest target. And not to mention there's a fair amount of propaganda put out by the U.S. government itself against Google. It's an attack from all fronts, including the legal one (the streetview debacle). And I wonder how much of that was a government plant whose job was to give the government legal leverage against them. I mean, what idiot engineer would specifically hack the streetview cars to collect open wi-fi data?
That's not to say that we shouldn't hold Google accountable for any actions they do that may be less than ethical. But to point fingers at them for the wrong reasons just weakens any legitimate concerns.
If the theoretical exploit isn't at the hardware level, one way to discover a compromised compiler would be to compile the same code with multiple compilers, and then compare their outputs. Having multiple compilers for one platform is a good thing.
Hanlon's razor specifically doesn't cover the case of known malicious actors, even if the malicious actors are non-specific.
For cryptography from here on out, it's a matter of questioning everything, and going through all of the results and conclusions with a fine-toothed comb. If something is too complex, then it should be simplified prior to standardization, or the standard needs to be revised. If something included seems arbitrary, then it needs to be questioned and only a reasonable explanation would justify its inclusion. Things should be checked and double checked. Assumptions should be identified, and the risks they present need to be mitigated beforehand, irrespective of how much additional work or overhead that would cause. The only thing that can be trusted is the math, but even then, the application of the math needs to be considered at length.
But I think it gets worse than this from here on out. The next thing for them to do is to attack the field of cryptography. They can't attack the math, so they'll attack education. They'll sabotage textbooks, teachers, professors, hell, the whole education system here and abroad. Just so their shenanigans cannot be exposed by real mathematicians, cryptographers, and other security experts. And when that happens--and it's happening even now, if you've ever bothered to look at the state of education in the U.S.--we'll all lose.
The difference hardware-wise between Surface RT and Surface Pro is significant. The RT is still fairly light and easy to carry around. The Pro is significantly larger and heavier due to a larger battery and more cooling capabilities built in, and still has less battery life. In fact, the additional size and weight was cited as one reason why the Pro wasn't any good as a tablet. Cutting the thickness and weight of tablets is not just a packaging and shipping advantage.
The only way for x86 chips to reduce both heat and power consumption on load (because face it, if the processor heats up significantly at max load, an additional cooling system would have to be included in the machine's design) is to cut performance. And given x86's overhead, that'll never truly be able to compete with ARM.
Of course, RT is plagued with numerous software and hardware problems and probably was dead on arrival anyway. But new x86 chips are far from being the reason it hasn't and won't take off.
Your phone would become a tiny tablet without any connection to anything. Not entirely useless, but not much use.
It'd make a decent flashlight. And during a crisis, that'd be of mild importance.
Think of it this way: if the hypothetical cost of a metal case is $1, then the relative cost of plastic maybe $0.01. This would be the cost to source the part, and would not include cost of assembly, shipping of the unit as a whole, etc.
While that $0.99 difference doesn't seem like much savings, the MSRP is somewhere around 2 orders of magnitude more than the actual materials cost. So that $0.99 cost savings translates to a product that's $99 less in retail.
That's assuming they don't get arrested first for failing to apply for and receive a permit to protest.
The bad thing is that the FBI's actually been doing this since its inception. They have a profile on everybody who's anybody.
The good thing is that the masses are actually starting to realize this. And they're not liking how deep the rabbit hole goes.
This is why Snowden is releasing things slowly. If he had regurgitated everything in one shot, it would have hit the headlines for 3 months, then everyone would've forgotten about it after a round of embassy closings and talks of going to war based on sketchy evidence.
The way it is now, the diversions created by the CIA propaganda machine won't last more than a week or two, until the next set of documents comes to light and attention once again returns to the NSA's unconstitutional activities. This method keeps the public constantly aware of these activities, and even more so, highlights the CIA's attempts to divert attention away.
Some attacks rely on having enough data beforehand. These attacks would be practical only to the government owning the Internet.
It's a bit more complicated, but as an analogy, a class of attacks against symmetric-key encryption relies on a priori knowledge of plaintext values within the ciphertext. If you think of possessing accurate metadata as possessing these plaintext values, then only an entity with the ability to see 99% of the traffic going through the internet would be able to gather the metadata to a degree of accuracy to open up such vectors of attack. And there's only one entity with that kind of capability.
That's not to say that some third party couldn't do the same for a specific target. But it's much harder without having the full picture that the NSA would have.
But even then, you can't trust a U.S.-based company with developing such a program, and can hardly trust any closed-source program.
The NSA will pop a backdoor into any U.S. product, and will try to infiltrate any non-U.S. company to do the same if it's closed source.
That's not to say that there aren't any hardware or other systemic flaws that make GPG itself weaker than it should be. Like for example, some hardware random number generator.
It's only the good bit because we all know he's lying through his teeth when he said this.
Hell, all U.S. foreign policy of the last 60 years has been to gain a competitive advantage for U.S.-based companies. That freedom and democracy bullshit has all just been to placate the ignorant masses. It's not even a badly-kept secret anymore.
I see your line:
There are only so many developers they can afford to buy off,
and raise you this quote:
If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.
As the NSA, you don't need to buy off developers. All you need to do is offer them amnesty for all the laws they broke in the past if they do this one small job you ask them to. And if they don't do as you say, you can slap them with trumped-up charges that will land you in jail for the rest of your life, effectively if not actually. Your brother, the FBI, has been using this tactic with mobsters for years, to great success.
The funny thing is, the more data you collect, the more developers you can convince to work for you, and the more data you collect. It's a vicious cycle.
Only principle and sacrifice can break the cycle, and is only truly effective when every cryptographer, every mathematician, every developer, every engineer does it. It'd be the same as if nobody talks. But this being Slashdot, you're one of the above, I'm certain. Would you be willing to do this?
Yeah, didn't think so.
Ha! Return to his own country? Maybe in 40, 50 years, when all the dust he kicked up has settled, and only if for the better. And that's assuming the CIA hasn't offed him by then.
Your party stays in power indefinitely, the only things that might end your reign are a split in your party, or killing off so many people that there are not enough people left to work and your economy collapses.
In a resource-thin country, that'd be true. In a resource-rich country, the government and people left would raze the country's available natural resources if only in order to survive.
And then, after that, a stronger country, probably a neighboring one, will continue to prop up your government, because that country wants to keep yours stable.
Wish I had mod points right now. Eventually, everything's going to be terrorism. Robbery? Terrorism. Mugging? Terrorism. Shushing someone in a theater? Terrorism.
Terrorism is by definition a slippery slope. Everyone gets terrorized at some point in time. If not by parents during early childhood, then by experience later, or by interacting with different people during adulthood.
There are literally hundreds of places to attack encrypted communications. The encryption algorithm itself is just one component in a chain that must be and remain secure. The NSA only needs to compromise one part of that chain to compromise the entire system.
It can be a mathematical breakthrough. It can be an implementation flaw. It can be an implementation flaw of any related--however loosely--system. It can be an embedded individual on one end. It can be a specific external device. It can be a component--however marginal--of a device. It can be a (secret) court order. It can be a xkcd-style baseball bat to the knee to one or both parties. It can be negotiated with one or both parties.
The founders knew this. They understood that an individual with limited resources had no chance against the government who would have relatively unlimited resources (the government's resources is the country itself, so it really is Person vs. United States), and the only way to prevent, stop, or avoid such a scenario is for the government to check and balance itself. Those checks and balances have (mostly) failed. We as individuals have no recourse.
There's always hope, but you'd be deluding yourself if you think there's any chance.
From ProPublica:
In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
Who else remembers the debacle about the government no longer purchasing Lenovo computers? I remember some people saying that if the U.S. government is making all this fuss about it, they're probably the ones doing it.
This seems to indicate those people are correct.
Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.
Here's hoping Wikileaks or some other organization will publish more details on what's been compromised.
What makes anything Microsoft is doing inherently inferior to Google, Apple or Sony?
"Inherently" is a strong word. I think a lot of posters have, and will continue to be evaluating their Surface line based on merit. And that includes ecosystem, software, hardware, and price. Quite frankly, besides a minority, most people see ARM Surface failing on all four fronts and Pro on three of the four. And the reasons why it fails seem to be confirmed by the lack of interest from the general public.
Worse, however, Microsoft has done nothing to address the actual problems. They've gone and made changes to the software, but the changes also don't seem to address the real issues plaguing the device. They've gone and upgraded the hardware, but the parts they upgraded don't appear to fully address the issues either (kickstand, really?). Seeing a pattern here?
If the ARM Surface 2 was announced with say, a QSXGA or QUXGA screen, x86-64 emulation layer, Metro as a separate application or service, maybe it'd be worth giving a second look at. But given Microsoft's recent track record of listening to their customer feedback, I think the chances of any meaningful improvements to the line is nil. And I suspect many people, geek and non-geek alike, share these if not similar sentiments.
It's not just Groups. They're changing everything. And introducing new bugs that weren't there before, reducing functionality, reducing usability, and overall doing exactly what software developers have been trained not to do, which is break what already works.
Yes, sometimes, old things need to be replaced with new. But that new thing better work as well as the old one before it outright replaces the old one (as opposed to a limited beta or some such).