I'm not saying Kim is the one who shouldn't be trusted. I'm saying the implementation cannot be considered to be 'encrypted'. If the operator has the ability to decrypt the contents of the cloud-shared files, then the content is subject to national security letters, snooping, hacking, etc. If the operator of Mega has to be trustworthy, then the implementation can't be trusted because the operator is the easiest part of the architecture to compromise.

This is a very telling quote--

As a result of this and a number of other confidential issues I don't trust Mega anymore. I don't think your data is safe on Mega anymore.

If his implementation of Mega was dependent on the 'trustworthiness' of the operators, then it was never truly encrypted. Nor should we expect his next iteration of cloud filesharing to be fully encrypted.

This person lacks the credibility to comment on any topic relevant to Slashdot's readers. I am surprised and disappointed that this "ask-me-anything" was published on Slashdot.

It's almost like the Jon Katz Afghanistan article, but with a dress.

Your audit of OpenSSL has already contributed back to the Open Source community, whether voluntary or not.

Jim,

If this were a turf war, the spoils of the compromise would not have been laid out on the lawn for the world to see. The contents would have been used against the Hacked Team to disrupt their business and then added to the attackers own product catalog. In this scenario the market value of the stolen intellectual property has been nullified.

What are all those scientists, engineers and business experts at a huge multinational corporation thinking?

Probably they're thinking, "I really like this paycheck. The product we're developing has no chance of gaining traction in the marketplace, but that's my boss' fault for coming up with this idea in the first place."

Do you really think those people are going to argue with management that they shouldn't have a job developing this concept?

Dan's completely accurate here. It makes me wonder if this (avoiding 'I' and using 'we') isn't the type of product that comes from Crisis Management PR firms who are brought in by CEO's in similar situations. As a consultant, their #1 goal is to please the person who signs their paychecks. When they craft apologies like this, the priorities might not be so much to soothe the audience as it is to present the boss with a response that's palatable to the boss. It would be unnatural for them to go into a meeting and kick Ellen Pao in the butt and say, "You need to grovel and beg the internet to take you back!"

Instead, the PR Crisis Consultants wrote an apology that didn't at all make nice with the Reddit community, but it certainly tricked Ellen Pao into thinking it would. Her inability to anticipate these backlash responses to her decisions are exactly why she is not a good fit to lead a community-based organization like Reddit.

They are to explain the reasoning behind the code.

This is a huge purpose for comments. Also, maybe I can interpret the code perfectly well without comments. How well can I depend on everyone else who is modifying the code to be able to interpret it properly.

Well-documented code helps protect it from the introduction of bugs by later contributors.

anything else i can do?

Modify SSHD config to listen on non-standard port. It will greatly diminish the log traffic you'll see of failed attempts. This could be important if you're using fail2ban as well and don't want your iptables to bloat unreasonably.

Stay away from configuring port-knocking. It becomes a real pita when you want to scp a file at the spur of the moment.

You're talking about a profession that in many cases has either no training or dubious training.

This is a field that requires a masters degree and certification.

You're probably thinking of faith-based social organizations that attempt to provide counseling services. Those agencies do not provide effective treatment for the ailments you mentioned. At best they might be able to provide some marriage counseling assistance.

I agree with all your examples. However, I recoiled during a couple of moments where the story was being read out loud, perhaps at the demand of a producer, as if the audience needed the plot points fully highlighted and underlined.

Obviously the beginning carries a lot of narration that heavy-handedly prepares the setting for the story. Entirely unlike the first 20 minutes of "There Will Be Blood"-- masterful storytelling by Paul Thomas Anderson.

The big shocker to me was near the end where Max fully explains the strategy of attempting to retake the Citadel while the boss is away, then THE BOSS EXPLAINS THE STRATEGY again. This is in stark contrast to the switcheroo ending of Road Warrior where the audience learns of the clever ruse at the absolute very end of the film. Why couldn't George Miller have Furiosa spontaneously turn around with everyone confused about the agenda? Because the strategy is totally explained to the audience, the last 15 minutes of the film is kind of a foregone conclusion.

Apparently on top of that successful antivirus business, they have done a lot on top of that successful antivirus business.

Maybe I wasn't clear about how these tools help ferret out networks of freedom-haters. This line could have been more prominently stated--

...to see who else might be a solid villain candidate. Even just monitoring internet traffic to known jihadist websites can likely get the filters applied to a person's communications to see if they might be a person-of-interest.

That type of work is more than forensics. It's proactively chasing up the networks to make their leadership accountable. Those are vague terms for drone strike.

I'm not cheerleading the NSA here, either. Just commenting on the data science.

In all likelihood, the false positives suggested by the OP and others in this discussion are unlikely to trigger any such NSA attention.

Coming from a data science background, I suspect they are transcribing and indexing all conversations as best as is possible with their elite voice recognition technology. Once it's in ASCII stored in a database, they can datamine the conversations of known radicals and jihadists. The algorithms that are generated don't so much emphasize specific keywords, but they generate a scoring system across a bunch of conversations by known haters-of-American-Freedom.

With filters in hand, they can look at who talked to the known villains and score them and run down the trails of phone calls, emails, text messages, and internet chats to see who else might be a solid villain candidate. Even just monitoring internet traffic to known jihadist websites can likely get the filters applied to a person's communications to see if they might be a person-of-interest.

Keywords will come into play AFTER an attack like the Garland Draw Mohammed contest. The NSA is right now filtering recent past conversations among suspected jihadists looking for relevant keywords such as 'Garland', 'American Freedom Defense Institute', 'Pamela Geller', and 'Elton Simpson'. Any conversation leading up to the attack including those keywords would absolutely put someone on a watchlist. And everyone who that person is talking to would be suspect as well.

Bottom line is, these tools are being used retroactively to bolster detective work. Talking about bombs and the President's name doesn't do anything because there are a thousand-million conversations using those words everyday.

Please mod this up.