Comment Re:The obligatory NSA question (Score 5, Insightful) 128

It wasn't RSA. They trusted the NSA, with good reason. The NSA had earned the trust of just about everybody in the community by improving DES with changes nobody understood until fifteen years later.

Then someone figured out that the way this new RNG is set up, the constants the NSA chose *could be* the public half of an asymmetric key, and if so the RNG's state could be read with very little effort by anyone in possession of the private half. There is no mathematical way at all to tell whether this is the case, but apparently something in the Snowden documents at least strongly suggests the NSA did know about it and did use it.

It's important to highlight that this isn't the kind of weakness anyone _else_ can take advantage of; a blackhat would still have to discover their private key, the exact same problem he was facing before. The NSA are apparently not dumb enough to rely on keeping math a secret.

But it seems every successful security service forgets the basic lesson: set up a system with unchecked power, the scum of the earth will eventually take notice. From that moment they'll dedicate their lives to getting control of it. They'll eventually succeed. Snowden took advantage of criminally slack security in the NSA. Just the fact that he could reveal the documents he revealed is proof the NSA have already gotten arrogant and sloppy, never mind what's in them.
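A toy version of the mechanism the comment above describes, added here as an illustration and not part of jthill's comment: the generator has the Dual EC DRBG shape (state s becomes x(sP), the output is x(sQ)), but the curve (y^2 = x^3 + 2x + 2 over F_17, a 19-point textbook curve), the constants P and Q, the trapdoor d and the seed are all constructed for this example and have nothing to do with the real NIST constants. Anyone holding d with P = dQ turns a single output into the generator's next internal state; without d, P and Q are just two points on the curve and the relation is invisible.

```python
# Toy Dual EC-style generator on a tiny curve: whoever knows d with P = d*Q reads
# the state from one output. Curve y^2 = x^3 + 2x + 2 over F_17 (19 points, a
# textbook curve); every constant is constructed for the illustration, none is NIST's.
p, a, b = 17, 2, 2
Q = (5, 1)   # public constant; generates the whole 19-point group
d = 3        # the trapdoor: secret relation P = d*Q (assumed for the example)

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None          # B == -A
    if A == B: lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else: lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

P = mul(d, Q)  # second public constant; looks like any other point without d
def xcoord(A): return 0 if A is None else A[0]   # x(infinity) undefined; toy uses 0

def dual_ec_outputs(seed, n):
    """Generator: s <- x(s*P), emit x(s*Q). (Real Dual EC also truncates bits.)"""
    s, out = seed, []
    for _ in range(n):
        s = xcoord(mul(s, P))
        out.append(xcoord(mul(s, Q)))
    return out

def lift_x(r):
    """Any curve point with x == r; brute-force search is fine for p = 17."""
    rhs = (r ** 3 + a * r + b) % p
    for y in range(p):
        if y * y % p == rhs: return (r, y)
    raise ValueError("no point with this x")

def recover_next_state(r):
    """Trapdoor holder: lift r to R = +-s*Q; d*R = +-s*P, whose x is the next state."""
    return xcoord(mul(d, lift_x(r)))
```

Run dual_ec_outputs(2, 6) (seed 2 is chosen so no state lands on the point at infinity) and feed its first output to recover_next_state: the result is the state the generator uses for every later output, so dual_ec_outputs started from it reproduces the rest of the stream.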

Comment Re:I seriously doubt we'd build the ISS now (Score 1) 112

Because we as a species are still developing our technical chops. What's the alternative, the war machine? Go ahead, show the world anything that produced the human race can be proud of, then go get yourself to high altitude or deep desert or far enough offshore and look at the night sky. We've got a toehold in _that_.

Comment Re:The days of "this site looks best in" is perman (Score 1) 246

Please don't make the ridiculous assumption that there was EVER some uniform spoken language that people were supposed to understand.

ALL people are unique and interpret language according to their own experiences and their own characteristics. There was never a situation where two people shared a common language. So please don't propagate this myth that writers are supposed to target a common standard. There will never be a common standard since all readers will be different.

Authors should always target their work for individual audiences, since every browser is different, and will be forever.

Pro-tip: It is fine to ignore 80% of the browser audience if that means 20% are going to have an increased loyalty to your product because you did something extra for them. The worst thing is for 100% of the audience to find your words merely ok.

Submission + - Oracle drops GNU GPL from MySQL's man page licence (muktware.com)

sfcrazy writes: While naive users believed that Oracle will emerge as a champion of free software and polish OOo and MySQL to compete with arch rival Microsoft — the company disappointed everyone. There are reports that MySQL has changed its man page license — it has moved away from GNU GPL. The changes took place between MySQL 5.5.30 to MySQL 5.5.31.

MySQL 5.5.30 man page license clearly said that: This documentation is free software; you can redistribute it and/or modify it only under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License.

Whereas the MySQL 5.5.31 licence says: This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Comment Re:version control (Score 2) 480

There are decades of case law on fair use. In a field where clearly satisfying even two criteria has been enough to establish fair use, OP's suggested use nails every criterion. It's a work only valuable as part of an ongoing enterprise, not being put to anything remotely similar to that use, depriving no one of any legal valuable interest, using only enough of it to establish actual authorship, in private, to someone with no interest at all in the work itself, who furthermore does not retain a copy. I doubt it's possible to even imagine a stronger case.

The notion that copyright is some sort of "property" was only recently insinuated into the public consciousness, when the rent-seekers finally managed to snooker a body new enough and naive enough not to reject it as centuries of actual governments have done, viz. the United Nations. That success has been leveraged shamelessly.

Comment Re:But not to give them a chance to correct it fir (Score 1) 404

Sure - but MS isn't doing that

Microsoft has a very long history of doing exactly that, when given the chance. Why do you think this time it'd be different? Be specific.

They're not even remotely alone in this. How best (most ethically, least damaging, pick any reasonable metric) to proceed in the face of wagon-circling, timewasting defensiveness has been hotly debated in whitehat circles for many years now. Ormandy's behaving as if his considered conclusion is that they will stall and deny and ignore again, leaving this vulnerability unpatched for the entire duration.

Comment Re:But not to give them a chance to correct it fir (Score 1) 404

Asymmetric keys are merely *better* obscurity than most other means

Secrets that cost substantially less to discover than the value of whatever they're protecting are merely "obscured". That's the difference between a quantitative difference and a qualitative one, when different words apply. An atmospheric vortex that's too weak to damage anything of value is a dust devil. A vortex strong enough to rip houses apart is a tornado. See? A large enough quantitative difference becomes qualitative. "Large enough" generally involves orders of magnitude. Just hoping nobody deciphers your corporate login's minified .js or throws a fuzzer at your kernel isn't going to cut it.

"Shoot the messenger" actually works when the messenger and the miscreant are the same, or the miscreant cares and knows you'll shoot. They're a team -- and if they're supposed to be on your team, then you've got a right to be angry. But when a white hat tells you about a breach, he's the messenger, but the messenger is not the miscreant. Him telling you rather than selling it to the highest bidder actually does put him on your team ... unless what you're trying to protect isn't what the actual system is ostensibly there to protect, but is instead your image.

Submission + - Microsoft Stores and Accesses Every HTTPS URL You Skype. (h-online.com)

jthill writes: The H is reporting something lots of the security-watchers noticed: Skype has been storing and, several hours later, accessing every https: url you send in Skype. It's hard to imagine they'd do something that so perfectly fits the cynics' predictions, but there's no doubt. They did stop doing it shortly after it was reported, but the damage may be done.
