Children are assumed to lack the capacity to make intelligent decisions for their well-being
This isn't about 'the children'. If they used lead paint in coffee mugs marketed to adults that would be just as much a problem. The issue isn't that an adult lacks the capacity, its that even if they have the capacity the onus shouldn't be on them to have to check if a coffee mug was made with lead paint.
Do I really care how well-maintained the transport car is?
I certainly do.
Why does it need to exceed rules established for cars in general?
To use your words: " because the assumption is they can adequately assess the risks, and have the right to decide accordingly." applies fine for MY car, driving me around.
But I can't adequately access the condition of YOUR car, which I've hired to drive me around.
Are poorly maintained vehicles as much of an issue with modern automobiles as it was when the law was passed?
Dare we attribute some of the improvement to the regulations mandating the improvement?
Does the ability of users in Uber and Lyft to rate drivers completely solve the problem since they can vote down drivers with unpleasant or unreliable rides?
Of course not. Random 'Other passengers' are not qualified to asses whether the car is a deathtrap.
Would it possibly make more sense to transition to a system in which passengers carry insurance instead of drivers?
Think about it. No.
The situation is simply not the same as it was when these laws were passed. Back then, these laws provided possibly needed solutions.Now, if the problems they were intended to solve even exist, there may be better solutions.
Perhaps. But 'maybe' isn't a reason to just ignore all the regulations. Each one should be assessed and argued independently of the rest. You can't say "maybe we don't need it", and then start ignoring it. The 'taxi medallion' system in place in some places i think one could easily argue AGAINST. The premise that vehicles that are used to transport people commercially should be inspected for safety and insured for what they are used for is easily argued FOR.
The question is whether the state is going to step in and forbid citizens from pursuing these solutions, on the premise the state is once-and-always-correct, or if we are going to let citizens experiment and make their own decisions.
False dichotomy. There are plenty of other middle roads.
Taxicab operating licenses, or medallions, are traded on a free market for upwards of $100,000 in many large urban areas. The rich capitalists who hold onto these employ minimum wage people who lease the right to use medallions and the cars.
Agreed. this is a real problem, that does need to be resolved in places that have it.
Uber and Lyft are disruptive in the sense that they enable anyone who can afford a car to work, which potentially could invalidate the worth of those medallions to rich people who own them.
And I'm fine with letting them compete; and think the medallion monopolies should be disrupted, but a lot of the regulation in place is good and uber etc do need to meet them.
And before we go half cocked about 'enable anyone who can afford a car to work' we need to think about what that means -- because you are right they now ARE working. So is uber their employer? Are drivers *really* independent contractors?
I mean, how can I find out about my friends unless they report up to some big corp?
For me, the real question is
"Why would I have people using this service as friends?"
Besides, outside of very limited domains I wouldn't value my friends reviews of products on amazon for example. And it would be far more trouble for me to tag them as friends, and then tag them as 'experts' in something, and then hope that they reviewed precisely what i was interested in... ? And that's assuming I'd be bothered to sign up for an account in the first place, which is unlikely in the extreme.
No, I've never used uber, but I've talked to a couple people now whose spouse / significant other was doing some driving as they were otherwise unemployed or whatever and I asked what the car insurance situation was like for that. Like I said, I'd driven pizza as a kid, and the bump from 'pleasure or two and from work within 10 miles" to "commercial delivery vehicle" was pretty severe -- I would only imagine that whatever was needed for "commercial delivery vehicle for people" was even higher than it was "for pizza".
I mostly got blank stares back, and told they hadn't done anything special.
The cowardly, terrified cry that no one, clearly, can possibly understand what they're doing. Oh, no.
Doesn't matter if I know that lead paint is dangerous to children licking the toys.
a) I dont' want to have to read the materials manifest for every toy marketed to kids I buy. I don't want to have to dismantle it and make sure the electrical is well engineered to prevent shocks.
b) Even if you KNOW the risks of lead paint, that doesn't do you any good if you don't know lead paint was used. Do I now have to send every toy I buy to a chemist to analyze?
This isn't wah-wah I need the nanny state to protect me from my own stupidity, this is I want to live in a country where if a toy is marketed as suitable for a 3 year old, that it actually contains no small sharp parts or is made of hazerdous toxic materials or is likely to explode, without me having to personally vet them all.
Oh, I didn't realize that the taxis of yore carried continuously updated ratings and reviews from each and every passenger.
So now the number likes you have on facebook means I can trust you? The reputation system of Uber is a good idea, but 'other passengers' are hardly qualified to assess the mechanical condition of the vehicle, or the insurance held by the driver. Its good if I want to know if he speaks Chinese, is friendly, talks too much, or if I want to hear long winded complaints about how the previous passenger must have worn too much perfume that triggered an allergy attack but the driver got him to the hospital efficiently so A+++.
Also, why can't insurance companies start offering "Passenger Plans" for the wary consumer?
Really? So if you get sick at a restaurant, the restaurant shouldn't have any liability or insurance; you were suppose to have your own 'diners insurance'?
Fool; your mind is a fossil. Please, get out of my way.
That's the best you've got? The existing taxi system has lots of room for improvement and competition, and there is some regulatory capture (corruption even) but pretending uber is all rainbows and unicorns from the knights of good is a bit myopic too.
People are voting with their dollars and their feet EVERYDAY.
And people would buy toys with lead paint in them too if the price was low and they weren't aware of the risks of lead paint. Does that mean the regulations preventing them are wrong?
Similarly people will get into a car operated by a driver without sufficient insurance or any gaurantee that the vehicle is operating correctly and safe, and if its cheaper they won't care either... at least... until there is an accident.
Which is how the regulations came into effect in the first place -- the public was tired of getting into cabs that weren't insured or maintained properly.
1) it should be a USB port not an AUX port. (If I'm using a flash drive it should just plug in. If I'm using a phone / ipod / whatever I want it to charge up)
2) It should have physical play / pause / skip / and volume controls.
Play/pause, skip are simple. The volume 'knob' is brilliant.
The display is gorgeous, (album art, track, album, song, etc). These days I just have an old 30GB ipod classic in the glovebox attached to it; that I only ever need to touch every few months to add new music, update playlists etc.
It has controls to browse and select playlists, albums, songs etc; but the UI for that isn't as good as it could be. Adequate but not 'ideal'.
Still, its pretty much by far the best in dash deck I've ever used; and I've moved it from car to new car a few times. Its in my wifes car now, as my newest car has a 'too proprietary' dash system to use it easily (fiber optics to the amplifier, low impedence speakers, and the existing radio is on the 'system bus' and the car apparently gets all cranky if you disconnect it... not insurmountable, but $$ and a PITA to get around. So in that car I'm using the 'aux' port -- but I'm seriously missing the ipod charging, and the dash controls for play/pause/skip. So I have to keep the ipod within rach. (At least the old ipods had physical buttons so you can operate them by touch)
But Apple isn't the same entity as the intermediary. Apple is involved with both endpoints by providing the hardware and software, but there's a cell tower, whatever service provider you have, whatever network connections are in between, whatever storage exists to ensure delivery even if the end point isn't currently available, whatever service provider the other person has, and another cell tower on the other end. Assume I trust Apple. I still don't trust all that stuff in the middle, particularly the cell phone and cell tower broadcast that anyone near that tower can pick up.
Which is why you need transport layer security, like https/ssl/tls. You don't need or benefit from "end to end encryption". I already wrote this in my original post.
So in your second example, if I trusted Mozilla *and* Google, but not Verizon, I don't need to bother with the extra security, just use SSL?
Bingo. And that is the world most of us live in. We trust the browsers/clients we use and we trust the services we deal with (be it google, dropbox, the bank), but we don't trust the commchannel and want to be secure from our data being overheard between the trusted endpoints. (Whether that trust, especially in the service endpoints has been misplaced is a separate issue, but that IS the trust model.)
And what if I trust the code Apple wrote, and the general security surrounding the encryption keys by Apple, but I don't trust that a third party never has access to the server Apple is using?
That's an interesting position. I suppose it does change things. But it it a rational position to hold? Why do you trust that a 3rd party never gets to tamper with the client, but has free access to the server?
I concede it does amount to a net reduction in the attack surface; since there are 'fewer' places to attack. And I agree a reduction in the attack surface is a genuine benefit to the security.
In terms of a malicious Apple or a coerced Apple you are still out of luck, and end-to-end encryption gets you nothing.
But in terms of Apple itself being the victim of an opportunistic attacker who is able to compromise Apple in some partial but incomplete way then, in that scenario, yes, apple's end to end security was better than not having it.
So I will revise my position; a single entities proprietary end to end encryption is the most worthless end-to-end encryption one can possibly have. But it IS better than not having it at all.
Copyright law is mostly there. It specifically allows for incidental copies made to use software for example. So you don't need a separate license to move it from the CD to the hard drive, from the hard drive to the drive controller cash, to RAM, to L1 cache, to L2 cache, and to video memory, along with the copy that gets shunted to the backup tape system at night....
That all media should be extended the same incidental copyright exclusion should be a nobrainer, but yeah, until its settled we get idiots thinking the image on screen is infringement, the image in your browser cache is infringement, and by golly, and if ~thats~ not infringement, then its surely infringment when you do a complete PC back up that night and your browser cache ends up duplicated onto your external USB drive along with everything else. You dirty criminal.
My point was that Apple managed to create an encryption scheme for messaging that results in every message being encrypted, without the user being expected to do special configuration and key management, and it's baked into their software by default. If Apple can do it, why can't someone else?
What is the value of every message being encrypted if Apple can decrypt them at will? That's like locking your car door to keep the valet out, and then handing the valet your keys.
Of course its easy. But its also completely POINTLESS.
For starters, if we want GPG to be the default for encryption, why can't we have thunderbolt built in such a way that it includes GPG, Enigmail, and everything else? Why not have the default setup prompt to set up encryption, generating keys or restoring them if they don't already exist?
These are all good ideas.
And what's your plan to standardizing backup/recovery of keys?
I don't have the answer to that one. That's a hard problem.
Only if you assume that Apple is a burglar don't trust them with anything.
The point of end to end encryption is that if you trust the end points, you can afford NOT to trust the intermediary.
If you DO trust the endpoints, and they are the same entity as the intermediary then WHAT IS THE POINT OF IMPLEMENTING END TO END ENCYRPTION?
If you trust apple, then you trust apple. If you don't, then you don't. But what is the point of trusting Apple to provide the endpoints to provide you security against Apple compromising the comm channel in the middle? Apple doesn't EVER need to compromise the middle -- they already own the end points. So WHAT exactly are you accomplishing?
Realistically what am I going to do if I don't trust anyone? Even when I use Linux, I'm still trusting people. I didn't do a code audit myself.
Its not about absolute security. Its about identifying who you trust and who you don't.
If I trust mozilla to provide me end point encryption and I do not trust verizon or google. Then using mozilla endpoints to encrypt messages so that I can send them over a verizon communication channel to be stored on a google server, to be retreived by someone else using verizon, using a mozilla endpoint... that is all perfectly reasonable.
I trust mozilla, so they can 'touch' the encyrpted data. I don't trust verizon or google. So they can't. That's logical.
Likewise, if I decide to trust apple to provide my endpoints that's fine too. But who am I protecting it FROM? I just need transport layer security to get it to apple's servers over verizons network, and since I trust apple, that's good enough. What does end to end encryption get me? That I trust Apple but I don't trust Apple? How is that not irrational?
That person isn't running to Office Max/Staples to buy a replacement part that evening. (See the subject of the thread you are replying to. That gives us context.)
That person will go to an internet cafe or something do do the research, even if they have to hike for 2 days to get to one, and the replacement part will probably show up by float plane or snowmobile or camel a few weeks later. If they can't be down that long... they probably keep spares on hand.
And while I have multiple devices if it was my modem that went I'd lose access as I don't feel the need for a mobile internet connection.
Are you referring to standalone adsl or cable modem? In which case, what internet research for linux compatible replacement parts? You phone your ISP and say "my internet is down, fix it". And they send you a new modem or whatever.
Or are you telling me you run linux as your WLAN/LAN gateway to the internet via dial-up-networking? And none of your other devices have a dial up modem? And you couldn't figure out whether a replacement modem would work or not without access to the internet? Ok... sure... you sir, are a rare bird. Stop at the mcdonalds or starbucks on your way to officemax and use the free wifi.
Someone will get angry because I appear to be praising Apple, but take iMessage's encryption for example. Do people using it know that their messages are encrypted? Probably not. Are they given a choice? No. Do they know that they're generating encryption keys? Probably not. Are they asked to manage their own encryption keys? No.
Does trusting Apple to write your encryption software, manage your encryption keys for you, and handle your actual communications make any sense in the least?
I mean, yes, sure if you want to trust Apple.
But if your position is that you trust Apple not to intercept and monitor your data, and to refuse to cooperate with government entities not to intercept and monitor your data then all you need is some transport layer security to prevent someone 'not Apple' from monitoring it during transmission. So https/ssl/tls is all you need.
On the other hand, if you don't trust apple not to intercept and monitor your data, or you expect they will cooperate with government entities to intercept and monitor your data then you can't trust them to provide the end point software, or the encryption tools -- doublely so in a closed source manner where you can't even audit it.
There is no scenario where you can simultaneously NOT trust apple AND rely on their proprietary encryption solution at the same time. That's like trusting a burglar to set up your home security system; especially if you aren't even allowed to fully inspect it. Its plainly idiotic.
Email encryption needs to be that easy, or people won't use it.
Sadly I agree. Which is why people don't use it.
But for it to be that trustWORTHY, it has to built from the ground up with that goal in mind. It HAS to be open source, it has to be deterministically buildable, it has to be auditable, it has to be distributed and peer to peer system with no point of central compromise. The whole system has to be open and monitored by multiple parties.
Thus while it -can- exist if enough people want it, it CAN'T be a solution built and distributed and run by a single corporate entity.
Being that your computer is down, you are unable to research what you should get
This was true for me in the 90s In 2014 I probably have 10 different internet devices in the house between consoles, phones, tablets, laptops, etc. Sure I'm on the high side of things, but even my parents on both sides have at least 4-5 devices each. My 80 year old grandmother I think might have just one... but she's not going to be researching hardware for her linux desktop build by herself either.
Who today is a linux enthusiast and would really not have any internet access if their computer went down because they only have one device that can browse the internet?
They also have an app for Windows 8, albeit it's a metro app
Yup. That's what I use for Netflix. The fact that its a metro app is not a bad thing either. Full screen with no borders, title bars, by default. Good 10-foot user interface. That's what I want on a TV.
Its one of the few metro apps I use, but its one of the few scenarios where a metro app actually makes sense.
In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.
The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption
Precisely.
The fundamental basis of end-to-end encryption is that the endpoints are trustworthy.
Autoupdating chrome, autoupdating chrome extensions, and web applications (where updates can be streamed to you in real time as you use them) are all inherently not trustworthy.
However, anything is better than nothing,
The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.
and this will do a decent job at protecting against intrusion internally.
End to end encryption is about protecting against intrusion between the end-points. The idea is that the contents are secure from anything that touches the data between the endpoints. But anything that touches the end points is a threat. I don't know what you mean by "protecting against intrusion internally" but it sounds like protection from, say, your employer or spouse or something. As these parties have access to the endpoint and can install software to capture the content before encryption / after decryption you are not safe from them.
This is also PRECISELY why you can't trust google to provide the endpoints if you want to be secure FROM google.
a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, your hosed.
b) you can't search your gmail, because for them to index your mail box, they'd need to be able to decrypt it.
c) they can't data-mine your gmail, because, again, they can't read it.
I'm having hard time believing that they've actually done this?
And if they have done it, I have a hard time believing it will do anything to increase the use of end-to-end encrypted mail because of the loss of b) above.
And as others have pointed out; it still requires you to trust Google as they provide you both Chrome and the extension.
I can't advise trusting a program that pushes out a new version of itself every few weeks; or an extension that expects to be able to autoupdate on its own schedule. Its at least open source which is good, but if you are demanding end to end encryption and willing to forgo being able to search your mailbox to get it then you probably want better control over the binaries you are using for these mail transactions than 'whatever google update sends down the pipe'
let me introduce you to this little drug called 'alcohol', and his friends caffeine & nicotine
Let me introduce you to water and the effect of water intoxication, a potentially fatal disturbance to brain functioning that results from drinking too much water.
Anything is toxic in sufficient quantities. What matters is dose, abuse factors, and so on. While one can abuse ANYTHING a morning cup of coffee is NOT the same thing as taking LSD.
Alcohol, caffeine etc are also both 'traditional' and 'natural'. That's not to say they are less potent per se, but it is not inconsistent or wrong for society to have different acceptance of alcohol vs lsd simply due to the history. Alcohol has a long and respected history - craftsman making beer, wine, scotch etc compete over taste not 'how drunk you get'. There is a long and well respected culture behind it.
LSD has no such traditions. Its just a chemical to get you high. It has medicinal value -- and I'd support making it a prescription drug. But there's no reason to sell LSD next to the pop at 7-11.
If alcohol were 'invented' today, sure we might well make it a prescription drug, but it wasn't, so its not, and its got all this other stuff going on. So it gets special treatment... that's life.
Coca- Cola says consumers have drank Pepsi by mistake in the past.
At least that's actually true. I've ordered Coke, and been served Pepsi without being told. I don't really like Pepsi. And I generally realize its wrong after the first sip. I don't make a stink about it, but had I known they were going to serve me Pepsi, I'd have switched the order to 7-up.
I'm sure sure lots of people order a 'Coke' and just mean 'cola' and don't care what gets brought to them.
But I doubt anyone has ever mistakenly ordered "Pepsi" when they actually deliberately meant to get a "Coke".
Slashdot Mirror
Exactly -- we are in agreement.
Children are assumed to lack the capacity to make intelligent decisions for their well-being
This isn't about 'the children'. If they used lead paint in coffee mugs marketed to adults that would be just as much a problem. The issue isn't that an adult lacks the capacity, its that even if they have the capacity the onus shouldn't be on them to have to check if a coffee mug was made with lead paint.
Do I really care how well-maintained the transport car is?
I certainly do.
Why does it need to exceed rules established for cars in general?
To use your words:
" because the assumption is they can adequately assess the risks, and have the right to decide accordingly." applies fine for MY car, driving me around.
But I can't adequately access the condition of YOUR car, which I've hired to drive me around.
Are poorly maintained vehicles as much of an issue with modern automobiles as it was when the law was passed?
Dare we attribute some of the improvement to the regulations mandating the improvement?
Does the ability of users in Uber and Lyft to rate drivers completely solve the problem since they can vote down drivers with unpleasant or unreliable rides?
Of course not. Random 'Other passengers' are not qualified to asses whether the car is a deathtrap.
Would it possibly make more sense to transition to a system in which passengers carry insurance instead of drivers?
Think about it. No.
The situation is simply not the same as it was when these laws were passed. Back then, these laws provided possibly needed solutions.Now, if the problems they were intended to solve even exist, there may be better solutions.
Perhaps. But 'maybe' isn't a reason to just ignore all the regulations. Each one should be assessed and argued independently of the rest. You can't say "maybe we don't need it", and then start ignoring it. The 'taxi medallion' system in place in some places i think one could easily argue AGAINST. The premise that vehicles that are used to transport people commercially should be inspected for safety and insured for what they are used for is easily argued FOR.
The question is whether the state is going to step in and forbid citizens from pursuing these solutions, on the premise the state is once-and-always-correct, or if we are going to let citizens experiment and make their own decisions.
False dichotomy. There are plenty of other middle roads.
Taxicab operating licenses, or medallions, are traded on a free market for upwards of $100,000 in many large urban areas. The rich capitalists who hold onto these employ minimum wage people who lease the right to use medallions and the cars.
Agreed. this is a real problem, that does need to be resolved in places that have it.
Uber and Lyft are disruptive in the sense that they enable anyone who can afford a car to work, which potentially could invalidate the worth of those medallions to rich people who own them.
And I'm fine with letting them compete; and think the medallion monopolies should be disrupted, but a lot of the regulation in place is good and uber etc do need to meet them.
And before we go half cocked about 'enable anyone who can afford a car to work' we need to think about what that means -- because you are right they now ARE working. So is uber their employer? Are drivers *really* independent contractors?
I mean, how can I find out about my friends unless they report up to some big corp?
For me, the real question is
"Why would I have people using this service as friends?"
Besides, outside of very limited domains I wouldn't value my friends reviews of products on amazon for example. And it would be far more trouble for me to tag them as friends, and then tag them as 'experts' in something, and then hope that they reviewed precisely what i was interested in... ? And that's assuming I'd be bothered to sign up for an account in the first place, which is unlikely in the extreme.
No, like you, I would just call them.
No, I've never used uber, but I've talked to a couple people now whose spouse / significant other was doing some driving as they were otherwise unemployed or whatever and I asked what the car insurance situation was like for that. Like I said, I'd driven pizza as a kid, and the bump from 'pleasure or two and from work within 10 miles" to "commercial delivery vehicle" was pretty severe -- I would only imagine that whatever was needed for "commercial delivery vehicle for people" was even higher than it was "for pizza".
I mostly got blank stares back, and told they hadn't done anything special.
Bullshit. Uber/Lyft is simply an unlicensed cab dispatched via a phone app.
I'm not actually sure where we disagreed?
The cowardly, terrified cry that no one, clearly, can possibly understand what they're doing. Oh, no.
Doesn't matter if I know that lead paint is dangerous to children licking the toys.
a) I dont' want to have to read the materials manifest for every toy marketed to kids I buy. I don't want to have to dismantle it and make sure the electrical is well engineered to prevent shocks.
b) Even if you KNOW the risks of lead paint, that doesn't do you any good if you don't know lead paint was used. Do I now have to send every toy I buy to a chemist to analyze?
This isn't wah-wah I need the nanny state to protect me from my own stupidity, this is I want to live in a country where if a toy is marketed as suitable for a 3 year old, that it actually contains no small sharp parts or is made of hazerdous toxic materials or is likely to explode, without me having to personally vet them all.
Could someone explain what the difference is between taking a cab and carpooling when the driver expects to receive compensation for the ride?
Its the same as the difference between:
"getting together with some friends for a BBQ, and all throwing $50 the host to help split the cost of the steak and booze they picked up"
versus
"getting together with some friends for a BBQ, and hiring a caterer."
Can you really not see a difference?
Oh, I didn't realize that the taxis of yore carried continuously updated ratings and reviews from each and every passenger.
So now the number likes you have on facebook means I can trust you? The reputation system of Uber is a good idea, but 'other passengers' are hardly qualified to assess the mechanical condition of the vehicle, or the insurance held by the driver. Its good if I want to know if he speaks Chinese, is friendly, talks too much, or if I want to hear long winded complaints about how the previous passenger must have worn too much perfume that triggered an allergy attack but the driver got him to the hospital efficiently so A+++.
Also, why can't insurance companies start offering "Passenger Plans" for the wary consumer?
Really? So if you get sick at a restaurant, the restaurant shouldn't have any liability or insurance; you were suppose to have your own 'diners insurance'?
Fool; your mind is a fossil. Please, get out of my way.
That's the best you've got? The existing taxi system has lots of room for improvement and competition, and there is some regulatory capture (corruption even) but pretending uber is all rainbows and unicorns from the knights of good is a bit myopic too.
EVERY Uber ride I've ever had has been in a nicer and better-maintained car than any cab I've ever been in in my life.
a) Then UBER should have no trouble meeting the requirements establishing that the cars are in fact safe
b) No idea where you live / travel, but I've never been anything but clean and excellently maintained cabs.
AFAIK, Uber guarantees insurance on all of their drivers as well.
Sure they do. To a faction of the limit than the state requires.
Meanwhile most Uber drivers I've met are effectively operating their vehicles as cabs, but are insuring them as pleasure and commuter cars.
People are voting with their dollars and their feet EVERYDAY.
And people would buy toys with lead paint in them too if the price was low and they weren't aware of the risks of lead paint. Does that mean the regulations preventing them are wrong?
Similarly people will get into a car operated by a driver without sufficient insurance or any gaurantee that the vehicle is operating correctly and safe, and if its cheaper they won't care either... at least... until there is an accident.
Which is how the regulations came into effect in the first place -- the public was tired of getting into cabs that weren't insured or maintained properly.
The public seems to have a very short memory.
Close
1) it should be a USB port not an AUX port. (If I'm using a flash drive it should just plug in. If I'm using a phone / ipod / whatever I want it to charge up)
2) It should have physical play / pause / skip / and volume controls.
Several years ago I installed one of these:
http://www.dfwcamper.com/drupa...
Play/pause, skip are simple. The volume 'knob' is brilliant.
The display is gorgeous, (album art, track, album, song, etc). These days I just have an old 30GB ipod classic in the glovebox attached to it; that I only ever need to touch every few months to add new music, update playlists etc.
It has controls to browse and select playlists, albums, songs etc; but the UI for that isn't as good as it could be. Adequate but not 'ideal'.
Still, its pretty much by far the best in dash deck I've ever used; and I've moved it from car to new car a few times. Its in my wifes car now, as my newest car has a 'too proprietary' dash system to use it easily (fiber optics to the amplifier, low impedence speakers, and the existing radio is on the 'system bus' and the car apparently gets all cranky if you disconnect it... not insurmountable, but $$ and a PITA to get around. So in that car I'm using the 'aux' port -- but I'm seriously missing the ipod charging, and the dash controls for play/pause/skip. So I have to keep the ipod within rach. (At least the old ipods had physical buttons so you can operate them by touch)
But Apple isn't the same entity as the intermediary. Apple is involved with both endpoints by providing the hardware and software, but there's a cell tower, whatever service provider you have, whatever network connections are in between, whatever storage exists to ensure delivery even if the end point isn't currently available, whatever service provider the other person has, and another cell tower on the other end. Assume I trust Apple. I still don't trust all that stuff in the middle, particularly the cell phone and cell tower broadcast that anyone near that tower can pick up.
Which is why you need transport layer security, like https/ssl/tls. You don't need or benefit from "end to end encryption". I already wrote this in my original post.
So in your second example, if I trusted Mozilla *and* Google, but not Verizon, I don't need to bother with the extra security, just use SSL?
Bingo. And that is the world most of us live in. We trust the browsers/clients we use and we trust the services we deal with (be it google, dropbox, the bank), but we don't trust the commchannel and want to be secure from our data being overheard between the trusted endpoints. (Whether that trust, especially in the service endpoints has been misplaced is a separate issue, but that IS the trust model.)
And what if I trust the code Apple wrote, and the general security surrounding the encryption keys by Apple, but I don't trust that a third party never has access to the server Apple is using?
That's an interesting position. I suppose it does change things. But it it a rational position to hold? Why do you trust that a 3rd party never gets to tamper with the client, but has free access to the server?
I concede it does amount to a net reduction in the attack surface; since there are 'fewer' places to attack. And I agree a reduction in the attack surface is a genuine benefit to the security.
In terms of a malicious Apple or a coerced Apple you are still out of luck, and end-to-end encryption gets you nothing.
But in terms of Apple itself being the victim of an opportunistic attacker who is able to compromise Apple in some partial but incomplete way then, in that scenario, yes, apple's end to end security was better than not having it.
So I will revise my position; a single entities proprietary end to end encryption is the most worthless end-to-end encryption one can possibly have. But it IS better than not having it at all.
Is that fair? :)
Copyright law is mostly there. It specifically allows for incidental copies made to use software for example. So you don't need a separate license to move it from the CD to the hard drive, from the hard drive to the drive controller cash, to RAM, to L1 cache, to L2 cache, and to video memory, along with the copy that gets shunted to the backup tape system at night....
That all media should be extended the same incidental copyright exclusion should be a nobrainer, but yeah, until its settled we get idiots thinking the image on screen is infringement, the image in your browser cache is infringement, and by golly, and if ~thats~ not infringement, then its surely infringment when you do a complete PC back up that night and your browser cache ends up duplicated onto your external USB drive along with everything else. You dirty criminal.
Good on the EU court for setting a precedent.
But my point wasn't that we should trust Apple.
Except that's exactly what it is.
My point was that Apple managed to create an encryption scheme for messaging that results in every message being encrypted, without the user being expected to do special configuration and key management, and it's baked into their software by default. If Apple can do it, why can't someone else?
What is the value of every message being encrypted if Apple can decrypt them at will? That's like locking your car door to keep the valet out, and then handing the valet your keys.
Of course its easy. But its also completely POINTLESS.
For starters, if we want GPG to be the default for encryption, why can't we have thunderbolt built in such a way that it includes GPG, Enigmail, and everything else? Why not have the default setup prompt to set up encryption, generating keys or restoring them if they don't already exist?
These are all good ideas.
And what's your plan to standardizing backup/recovery of keys?
I don't have the answer to that one. That's a hard problem.
Only if you assume that Apple is a burglar don't trust them with anything.
The point of end to end encryption is that if you trust the end points, you can afford NOT to trust the intermediary.
If you DO trust the endpoints, and they are the same entity as the intermediary then WHAT IS THE POINT OF IMPLEMENTING END TO END ENCYRPTION?
If you trust apple, then you trust apple. If you don't, then you don't. But what is the point of trusting Apple to provide the endpoints to provide you security against Apple compromising the comm channel in the middle? Apple doesn't EVER need to compromise the middle -- they already own the end points. So WHAT exactly are you accomplishing?
Realistically what am I going to do if I don't trust anyone? Even when I use Linux, I'm still trusting people. I didn't do a code audit myself.
Its not about absolute security. Its about identifying who you trust and who you don't.
If I trust mozilla to provide me end point encryption and I do not trust verizon or google. Then using mozilla endpoints to encrypt messages so that I can send them over a verizon communication channel to be stored on a google server, to be retreived by someone else using verizon, using a mozilla endpoint... that is all perfectly reasonable.
I trust mozilla, so they can 'touch' the encyrpted data. I don't trust verizon or google. So they can't. That's logical.
Likewise, if I decide to trust apple to provide my endpoints that's fine too. But who am I protecting it FROM? I just need transport layer security to get it to apple's servers over verizons network, and since I trust apple, that's good enough. What does end to end encryption get me? That I trust Apple but I don't trust Apple? How is that not irrational?
Someone not in the first world?
That person isn't running to Office Max/Staples to buy a replacement part that evening. (See the subject of the thread you are replying to. That gives us context.)
That person will go to an internet cafe or something do do the research, even if they have to hike for 2 days to get to one, and the replacement part will probably show up by float plane or snowmobile or camel a few weeks later. If they can't be down that long... they probably keep spares on hand.
And while I have multiple devices if it was my modem that went I'd lose access as I don't feel the need for a mobile internet connection.
Are you referring to standalone adsl or cable modem? In which case, what internet research for linux compatible replacement parts? You phone your ISP and say "my internet is down, fix it". And they send you a new modem or whatever.
Or are you telling me you run linux as your WLAN/LAN gateway to the internet via dial-up-networking? And none of your other devices have a dial up modem? And you couldn't figure out whether a replacement modem would work or not without access to the internet? Ok... sure... you sir, are a rare bird. Stop at the mcdonalds or starbucks on your way to officemax and use the free wifi.
Someone will get angry because I appear to be praising Apple, but take iMessage's encryption for example. Do people using it know that their messages are encrypted? Probably not. Are they given a choice? No. Do they know that they're generating encryption keys? Probably not. Are they asked to manage their own encryption keys? No.
Does trusting Apple to write your encryption software, manage your encryption keys for you, and handle your actual communications make any sense in the least?
I mean, yes, sure if you want to trust Apple.
But if your position is that you trust Apple not to intercept and monitor your data, and to refuse to cooperate with government entities not to intercept and monitor your data then all you need is some transport layer security to prevent someone 'not Apple' from monitoring it during transmission. So https/ssl/tls is all you need.
On the other hand, if you don't trust apple not to intercept and monitor your data, or you expect they will cooperate with government entities to intercept and monitor your data then you can't trust them to provide the end point software, or the encryption tools -- doublely so in a closed source manner where you can't even audit it.
There is no scenario where you can simultaneously NOT trust apple AND rely on their proprietary encryption solution at the same time. That's like trusting a burglar to set up your home security system; especially if you aren't even allowed to fully inspect it. Its plainly idiotic.
Email encryption needs to be that easy, or people won't use it.
Sadly I agree. Which is why people don't use it.
But for it to be that trustWORTHY, it has to built from the ground up with that goal in mind. It HAS to be open source, it has to be deterministically buildable, it has to be auditable, it has to be distributed and peer to peer system with no point of central compromise. The whole system has to be open and monitored by multiple parties.
Thus while it -can- exist if enough people want it, it CAN'T be a solution built and distributed and run by a single corporate entity.
Being that your computer is down, you are unable to research what you should get
This was true for me in the 90s In 2014 I probably have 10 different internet devices in the house between consoles, phones, tablets, laptops, etc. Sure I'm on the high side of things, but even my parents on both sides have at least 4-5 devices each. My 80 year old grandmother I think might have just one... but she's not going to be researching hardware for her linux desktop build by herself either.
Who today is a linux enthusiast and would really not have any internet access if their computer went down because they only have one device that can browse the internet?
They also have an app for Windows 8, albeit it's a metro app
Yup. That's what I use for Netflix. The fact that its a metro app is not a bad thing either. Full screen with no borders, title bars, by default. Good 10-foot user interface. That's what I want on a TV.
Its one of the few metro apps I use, but its one of the few scenarios where a metro app actually makes sense.
Who is "John Oliver"?
Probably most famous for being one of Jon Stewart's Daily Show regular correspondants, and guest host while Stewart was off directing his movie.
Since then he's left the Daily Show to pursue his own thing; much like Stephen Colbert; and while not as famous as Colbert, he's very well known.
In theory, Google can be forced to push out an add-on that slurps up private keys and uploads them. However, no solution is 100%, and anything is better than nothing.
The best solution is to have a MUA, (not a Web browser... a dedicated MUA that isn't a general purpose renderer) handle all E-mail, with separate modules that don't autoupdate that handle PGP/gpg and other encryption
Precisely.
The fundamental basis of end-to-end encryption is that the endpoints are trustworthy.
Autoupdating chrome, autoupdating chrome extensions, and web applications (where updates can be streamed to you in real time as you use them) are all inherently not trustworthy.
However, anything is better than nothing,
The only thing worse than knowledge that you are insecure enabling you to behave accordingly, is a false sense of security so that you don't.
and this will do a decent job at protecting against intrusion internally.
End to end encryption is about protecting against intrusion between the end-points. The idea is that the contents are secure from anything that touches the data between the endpoints. But anything that touches the end points is a threat. I don't know what you mean by "protecting against intrusion internally" but it sounds like protection from, say, your employer or spouse or something. As these parties have access to the endpoint and can install software to capture the content before encryption / after decryption you are not safe from them.
This is also PRECISELY why you can't trust google to provide the endpoints if you want to be secure FROM google.
So... if google doesn't have the keys, then
a) you can't log into gmail from a different computer unless you brought your keys with you, because they don't have them; if you lose your keys, your hosed.
b) you can't search your gmail, because for them to index your mail box, they'd need to be able to decrypt it.
c) they can't data-mine your gmail, because, again, they can't read it.
I'm having hard time believing that they've actually done this?
And if they have done it, I have a hard time believing it will do anything to increase the use of end-to-end encrypted mail because of the loss of b) above.
And as others have pointed out; it still requires you to trust Google as they provide you both Chrome and the extension.
I can't advise trusting a program that pushes out a new version of itself every few weeks; or an extension that expects to be able to autoupdate on its own schedule. Its at least open source which is good, but if you are demanding end to end encryption and willing to forgo being able to search your mailbox to get it then you probably want better control over the binaries you are using for these mail transactions than 'whatever google update sends down the pipe'
let me introduce you to this little drug called 'alcohol', and his friends caffeine & nicotine
Let me introduce you to water and the effect of water intoxication, a potentially fatal disturbance to brain functioning that results from drinking too much water.
Anything is toxic in sufficient quantities. What matters is dose, abuse factors, and so on. While one can abuse ANYTHING a morning cup of coffee is NOT the same thing as taking LSD.
Alcohol, caffeine etc are also both 'traditional' and 'natural'. That's not to say they are less potent per se, but it is not inconsistent or wrong for society to have different acceptance of alcohol vs lsd simply due to the history. Alcohol has a long and respected history - craftsman making beer, wine, scotch etc compete over taste not 'how drunk you get'. There is a long and well respected culture behind it.
LSD has no such traditions. Its just a chemical to get you high. It has medicinal value -- and I'd support making it a prescription drug. But there's no reason to sell LSD next to the pop at 7-11.
If alcohol were 'invented' today, sure we might well make it a prescription drug, but it wasn't, so its not, and its got all this other stuff going on. So it gets special treatment... that's life.
Pretty sure you reading it wrong. You can get a copy of it for free as a developer; presumably to play with it, maybe develop free plugins for it etc.
I certainly don't read it as being free for you to make animation for commerial apps. (regular paid apps, freemium, or ad supported)
Coca- Cola says consumers have drank Pepsi by mistake in the past.
At least that's actually true. I've ordered Coke, and been served Pepsi without being told. I don't really like Pepsi. And I generally realize its wrong after the first sip. I don't make a stink about it, but had I known they were going to serve me Pepsi, I'd have switched the order to 7-up.
I'm sure sure lots of people order a 'Coke' and just mean 'cola' and don't care what gets brought to them.
But I doubt anyone has ever mistakenly ordered "Pepsi" when they actually deliberately meant to get a "Coke".