
Comment Let's sell child porn to The Netherlands (Score 2) 109

Though we'll face some risks from our own governments, it's a relief to know that the Dutch government would have no problem with me selling kiddie porn (as long as it was made in America) to Dutch citizens. "No crime happened here, within our jurisdiction," they'd say.

In fact, the Dutch government should tolerate our new businesses even more than this NSA thing, since the victims (wherever their rights were violated) won't even be Dutch citizens. No Netherlander will have any reason to say their government let them down.

Comment Can it be updated and run Free Software? (Score 1) 91

If the drive's software were flashable (the device could be updated with different software) and the software were Free Software, there would be no reason to fear Intel's connection to the NSA. Users would have the freedoms they need to make sure the software does what they want it to do. Proprietary encryption, no matter who writes it or distributes it, is always untrustworthy for the same reason proprietary software is untrustworthy—you don't really know what it's doing and neither does anyone you can trust to help you understand what it's doing. Furthermore you can't make it do what you want and you can't help others by distributing improved versions that respect other users' freedoms.

Comment Re:On fundamentalists (Score 1) 13

The cursing thing *might* have come from a bit of reverse semitic paranoia. In some far out fundamentalist theologies - Jews are actually revered and considered *closer* to God than Christians (a strict literal interpretation of the events of the Pentateuch).

Oddly enough, I've noticed this in non-fundamentalist forms of Christianity as well, especially my own Catholicism. There is a reason why Pope Benedict XVI forbade the sacred name from being spoken in Mass, out of respect for our older brethren, and why a good deal of 20th and 21st century theology has been devoted to the consideration of Christianity as a sect of Judaism.

Comment Re:On fundamentalists (Score 1) 13

Had a girl who acted like this in my wife's daycare. One day, due to misbehaving, I put her in what we call a "Daddy time out", which is one of the more serious corrective actions we take (spanking's not allowed in our state, and you can even get your own kid taken away). Instead of sitting with me on the couch, she spent the whole four minutes (a minute per year of age) standing ramrod straight, as if I was about to do something to her.

I found out later she had been abused, and her mother had converted to fundamentalist Xianity to get her some free counseling. Due to my Daddy Time Out and her reaction to it, she was removed from the daycare soon after, presumably to one run only by women.

Comment Re:New SSL root certificate authority (Score 1) 129

Thanks for the insult. It hardly stung.

Unless you worked at Netscape in the mid-1990s, no insult was intended.

All I meant is that by the very early 1990s, we (and by "we" I mean people smarter than me; I was clueless at the time) had a pretty good idea that CAs wouldn't work well outside of real power hierarchies (e.g. corporate intranets). But then a few years later the web browser people came along and adopted X.509's crap, blowing off the more recent PKI improvements, in spite of the fact that it looked like it wouldn't work well for situations like the WWW.

Unsurprisingly, it didn't work well. Organizing certificate trust differently than how real people handle trust, 1) allows bad CAs to do real damage, and 2) undermines people's confidence in the system.

A very nice way of saying this, is that in hindsight, the predicted problems are turning out to be more important than we thought most people would care about. ;-) It's almost as though now (no fair! you changed the requirements!!) people want SSL to be secure.

Keeping the same organization but with new faceless unaccountable trust-em-completely-or-not-at-all root CAs won't fix the problem. Having "root CAs" is the problem, and PRZ solved it, over 20 years ago.

I expect you to start the project shortly.

It's a little late to start, but I do happen to still be running an awful lot of applications (web browser being the most important one) which aren't using it yet.

Comment Re:Secure pairing is hard (Score 1) 131

How does Diffie-Hellman key exchange provide identification of the other party? .. It is not possible to determine who the other party is

It's possible. It requires an extra piece beyond the DH, but that extra piece isn't PKI. The user is the trusted introducer. The user looks around and says "Yep, these are the only two devices physically here that I have ordered to peer, right now." They are identified by being in the right place at the right time, triggered by the user saying "Now." That's a pretty good way to do things unless you're just totally surrounded by spies.

Comment Re:Technology is only a small part of the problem (Score 1) 129

It's a small part, but it's a part. I think Snowden has done his fair share of trying to inform laymen and stir up giving-a-fuck. If he wants to switch to working on tech, he could accomplish nothing and still come out far ahead of the rest of us. ;-)

The existence of a decent open-source router can't do much against a U.S. National Security Letter.

While we certainly should care enough to force our government to stop being our adversary, there will always nevertheless be adversaries. You have to work on the tech, too. Even if you totally fixed the US government, Americans would still have to worry about other governments (and non-government parties, such as common criminals, nosey snoops, etc), where you have no vote at all. You will never, ever have a total social/civic solution which relies on, say, 4th Amendment enforcement to keep your privacy. I'm not saying your chances are slim; I'm saying they're literally 0%.

Furthermore, getting our tech more acceptable to laymen actually would correct some of the problems inherent with NSLs, improving the situation even in a we-still-don't-give-a-fuck society. If you do things right, then the person they send the NSL to, is the surveillance target. The reason NSLs (coercion with silence) work is that people unnecessarily put too much trust into the wrong places.

For example, Bob sends plaintext love letters to Alice, so anyone who delivers or stores the love letters, can be coerced into giving up the contents. OTOH if they did email right, then if someone wanted to read the email Bob sent to Alice, they'd have to visit Bob or Alice. That squashes the most egregious part of NSLs, where the victim doesn't even get to know they're under attack.

That's true whether we're talking about email, or even if Bob and Alice get secure routers and VPN to each other. One of them gets the NSL ordering them to install malware on their router.

Comment Re:New SSL root certificate authority (Score 2) 129

A nice step ahead would be the establishment of a new set of root certificates...

The lesson of CA failure is that there shouldn't be root authorities. Users (or the people who set things up for them, in the case of novices) should be deciding whom they trust and how much, and certificates should be signed by many different parties, in the hopes that some of them are trusted by the person who uses it.

If you want to catch up to ~1990 tech, then you need to remove the "A" in "CA."
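As an added illustration of the model argued for in the comment above (not code from the comment or from any PGP implementation): each verifier decides validity from their own trust assignments, so no single signer is an authority for everyone. The signer names, the `Trust` levels and the one-full-or-two-marginal threshold are assumptions, and signature checks are assumed to have passed already.

```python
# Added illustration; signer names, trust levels and thresholds are constructed.
from enum import Enum


class Trust(Enum):
    NONE = 0
    MARGINAL = 1
    FULL = 2


# Assumed policy: one fully trusted signer, or two marginally trusted ones.
FULL_NEEDED = 1
MARGINAL_NEEDED = 2


def is_valid(cert_signers, my_trust, distrusted=frozenset()):
    """Decide whether a certificate is valid for one particular verifier.

    cert_signers: signers whose signatures on the certificate already verified
    my_trust:     dict signer -> Trust, chosen by this verifier
    distrusted:   signers this verifier has stopped trusting (e.g. after a breach)
    """
    full = marginal = 0
    for signer in cert_signers:
        if signer in distrusted:
            continue  # a signer this user dropped contributes nothing
        level = my_trust.get(signer, Trust.NONE)
        if level is Trust.FULL:
            full += 1
        elif level is Trust.MARGINAL:
            marginal += 1
    return full >= FULL_NEEDED or marginal >= MARGINAL_NEEDED


# Constructed sample: one certificate signed by several unrelated parties.
SITE_CERT_SIGNERS = {"employer-it", "linux-user-group", "bank", "unknown-party"}

# Three verifiers with different opinions about those signers.
ALICE = {"employer-it": Trust.FULL, "bank": Trust.MARGINAL}
BOB = {"linux-user-group": Trust.MARGINAL, "bank": Trust.MARGINAL}
CAROL = {"some-other-party": Trust.FULL}
```

Dropping one signer only affects the verifiers who relied on it: Alice loses validity if she stops trusting `employer-it`, while Bob's decision is unchanged.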

Comment Lame article (Score 1) 192

Clicked (thought submitter screwed up the link and linked to a page that links to the article, rather than linking to the article), expecting to find a story about a forgotten A2000: maybe someone walked into an office in 2014 and saw that one was in use. Or someone knocked down a wall in 2014 and found one bricked up but still powered up. Instead, found a page telling everyone what A2000s are. Duh. Where's the "forgotten" part? All that I can tell that was forgotten, is that the writer forgot his elementary school spelling and punctuation lessons.

Comment Re:No Advertising does not power the Internet. (Score -1, Offtopic) 418

Green Card Lottery 1994 May Be The Last One!
THE DEADLINE HAS BEEN ANNOUNCED.
The Green Card Lottery is a completely legal program giving away a
certain annual allotment of Green Cards to persons born in certain
countries. The lottery program was scheduled to continue on a
permanent basis. However, recently, Senator Alan J Simpson
introduced a bill into the U. S. Congress which could end any future
lotteries. THE 1994 LOTTERY IS SCHEDULED TO TAKE PLACE
SOON, BUT IT MAY BE THE VERY LAST ONE.

PERSONS BORN IN MOST COUNTRIES QUALIFY, MANY FOR
FIRST TIME.

The only countries NOT qualifying are: Mexico; India; P.R. China;
Taiwan, Philippines, North Korea, Canada, United Kingdom (except
Northern Ireland), Jamaica, Dominican Republic, El Salvador and
Vietnam.

Lottery registration will take place soon. 55,000 Green Cards will be
given to those who register correctly. NO JOB IS REQUIRED.

THERE IS A STRICT JUNE DEADLINE. THE TIME TO START IS
NOW!!

For FREE information via Email, send request to
cslaw@indirect.com

--

Canter & Siegel, Immigration Attorneys
3333 E Camelback Road, Ste 250, Phoenix AZ 85018 USA
cslaw@indirect.com telephone (602)661-3911 Fax (602) 451-7617

Comment Re:Some people are jerks (Score 1) 362

"First, let me say that I was talking about workplace harassment."

For a Roman Catholic Priest, the Church is his workplace, the congregation his customers, the Bishop is his management. For an extremely bad Roman Catholic Priest, it is a very bad idea for the customers to complain to the management about sex abuse. It is in fact the direct cause of the scandal, that the misconduct was reported to the Bishop and not to the police.

There is a lesson in that for any organization.

"People can always call the police (or file a lawsuit), and obviously if your organization covers for harassers then that's the next step."

It is a safe assumption that all organizations WILL cover for the harassers, because as you point out, "escalating to the courts is expensive, time-consuming, embarrassing" for the organization, and in the end, the organization only cares about what is profitable for the organization.

But if we fail to do it, we merely perpetuate the rape culture.
