The special magic thing is to hit the Windows key + X. That brings up a menu that has pretty much everything you'd want to do from a start menu. Win + X also works on desktop Windows 8.x.

The hilarious thing to me is that the Windows 8/Server 2012 line is ironically the most keyboard centric version of Windows I've used, but all people want to do is bitch about the Modern (Tile) interface that you can completely, totally ignore if you're on something that has a real keyboard and mouse.

Also, Windows RT? It's not awful. Printing and scanning work great and they have real USB and storage support. Surfaces ship with Office pre-installed. RT is missing a lot of media consumption tools that are present on other mobile OSes, but as a device for doing work they're credible. I'd rather have an RT-based Surface than anything that runs iOS, though I'd prefer a good quality Android device to either.

The same exact reasoning to justify TSA

They're incomparable. TSA is mandated by governments, you have no choice in the matter. Using a particular brand of smartphone is not. You are free to use a smartphone that doesn't use Google services and indeed are free to buy a Nexus 5 and then say "no" to the billion and one "trade data for feature?" prompts that appear when switched on the first time. No government goon is going to step in and insist that you send all your data to Google.

In fact, if you would prefer a smartphone that has a different data/features tradeoff then - conveniently! - Google provides a rather good open source operating system for free that you can use to build one. If others feel the same way you do you can even sell them without paying Google a dime.

Depends how you define "very popular" I guess. The most popular way to bypass state-level censorship in the Arab world and elsewhere is a product called HotSpot Shield. When Turkey blocked Twitter some time ago, HSS experienced 1000% growth and reached 1.1 million installs in the iOS App Store alone within only four days, with 800,000 regular users.

In contrast Tor went from 30,000 to 40,000 "direct connects" from Turkey.

HSS doesn't get much press in the geek world as it's just a plain old VPN run by a company in California that inserts ads into people's web pages to pay for the bandwidth costs. But usage wise it utterly dominates Tor.

Thanks for the insult. It hardly stung.

Unless you worked at Netscape in the mid-1990s, no insult was intended.

All I meant is that by the very early 1990s, we (and by "we" I mean people smarter than me; I was clueless at the time) had a pretty good idea that CAs wouldn't work well outside of real power hierarchies (e.g. corporate intranets). But then a few years later the web browser people came along and adopted X.509's crap, blowing off the more recent PKI improvements, in spite of the fact that it looked like it wouldn't work well for situations like the WWW.

Unsurprisingly, it didn't work well. Organizing certificate trust differently than how real people handle trust, 1) allows bad CAs to do real damage, and 2) undermines peoples' confidence in the system.

A very nice way of saying this, is that in hindsight, the predicted problems are turning out to be more important than we thought most people would care about. ;-) It's almost as though now (no fair! you changed the requirements!!) people want SSL to be secure.

Keeping the same organization but with new faceless unaccountable trust-em-completely-or-not-at-all root CAs won't fix the problem. Having "root CAs" is the problem, and PRZ solved it, over 20 years ago.

I expect you to start the project shortly.

It's a little late to start, but I do happen to still be running an awful lot of applications (web browser being the most important one) which aren't using it yet.

He was obviously talking about building your own hardware. Did you really think his parts list of "A small controller, an LCD display and a keyboard," was in reference to writing an alternative to OpenBSD?

How does Diffie-Hellman key exchange provide identification of the other party? .. It is not possible to determine who the other party is

It's possible. It requires an extra piece beyond the DH, but that extra piece isn't PKI. The user is the trusted introducer. The user looks around and says "Yep, these are the only two devices physically here that I have ordered to peer, right now." They are identified by being in the right place at the right time, triggered by the user saying "Now." That's a pretty good way to do things unless you're just totally surrounded by spies.

RTFS? It says that in the summary. The goal here is to alert people who don't know their internet connection is being used for piracy and who aren't OK with freeloading, parents being the given example.

> Just because a corrupt judge signs off on it, doesn't make it legal.

Actually, when a judge signs off on it, like it or not, the warrant by definition becomes legal.

Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker

Except the stuff about how a 29 year old completely pwnd the NSA, probably the most technically sophisticated part of the US Government there is?

Sheesh. Your standards are high. What would it take, exactly?

Additionally, just because you have read nothing about his programming skills doesn't mean he has none. He once mentioned finding XSS holes in some CIA app so apparently he is good enough to do that.

There are already plenty of CA's in countries that are not under US jurisdiction. However, so far the CA's that issued bad certs were all outside the USA, and appear to have only done so because they got hacked and not because they were e.g. forced to by court order.

Unless you have a magical solution to hacking I don't think your new root CA would solve much.

Additionally, citation needed for "routine man in the middle". SSL MITM has been studied by academics at scale. They did not find evidence of much. Governments don't need to MITM SSL for as long as users browse non-SSLd sites like Slashdot and browser exploits exist.

It's a small part, but it's a part. I think Snowden has done his fair share of trying to inform laymen and stir up giving-a-fuck. If he wants to switch to working on tech, he could accomplish nothing and still come out far ahead of the rest of us. ;-)

The existence of a decent open-source router can't do much against a U.S. National Security Letter.

While we certain should care enough to force our government to stop being our adversary, there will always nevertheless be adversaries. You have to work on the tech, too. Even if you totally fixed the US government, Americans would still have to worry about other governments (and non-government parties, such as common criminals, nosey snoops, etc), where you have no vote at all. You will never, ever have a total social/civic solution which relies on, say, 4th Amendment enforcement to keep your privacy. I'm not saying your chances are slim; I'm saying they're literally 0%.

Furthermore, getting our tech more acceptable to layment acually would correct some of the problems inherent with NSLs, improving the situation even in a we-still-don't-give-a-fuck society. If you do things right, then the person they send the NSL to, is the surveillance target. The reason NSLs (coercion with silence) works is that people unnecessarily put too much trust into the wrong places.

For example, Bob sends plaintext love letters to Alice, so anyone who delivers or stores the love letters, can be coerced into giving up the contents. OTOH if they did email right, then if someone wanted to read the email Bob sent to Alice, they'd have to visit Bob or Alice. That squashes the most egregious part of NSLs, where the victim doesn't even get to know they're under attack.

That's true whether we're talking about email, or even if Bob and Alice get secure routers and VPN to each other. One of them gets the NSL ordering them to install malware on their router.

I hereby revoke my consent.

A nice step ahead would be the establishment of a new set of root certificates...

The lesson of CA failure is that there shouldn't be root authorities. Users (or the people who set things up for them, in the case of novices) should be deciding whom they trust and how much, and certificates should be signed by many different parties, in the hopes that some of them are trusted by the person who uses it.

If you want to catch up to ~1990 tech, then you need to remove the "A" in "CA."