The word "witness" does. A witness is someone who provides testimony in a legal proceeding. It is not someone who provides non-testimonial evidence relevant to a legal matter.

...is not the way the law works. Testimony is separate from other kinds of evidence, and the 5th Amendment covers testimony. (The 4th Amendment provides different protections to other kinds of evidence.)

Despite how frequently it occurs, it turns out that your home-grown, intentionally-overbroad, untrained interpretation of the Constitution is not, in fact, a good basis for reasoning about the law.

A good starting point would be not telling the police the contents of the encrypted hard drive before decrypting it (as he did). Now they have a pretty good guess as to what the drive ought to contain.

In two ways. First, being compelled to provide evidence that already exists isn't protected under the 5th Amendment, only giving testimony. (There are lots of details here, but that's the short version.) Second, once you volunteer information, you waive your 5th Amendment protections for that line of inquiry. (Again, details.) He told the police that the encrypted drive contained evidence and that he had the ability to decrypt it. Not a good move.

Easy. For changing your password, at least, passwords are transmitted to them in cleartext and hashed server-side. Hashing passwords is done before storing the password, not before transmitting it.

Or he knew how to use negative numbers.

Or, more than one part in 10^6, which is larger than our measurement precision in some cases.

Relativity only actually requires that particles with mass stay on one side of the speed of light: strictly below or strictly above. The "strictly above" particles, which are entirely theoretical, are called tachyons.

I'm not sure you understand how percentages work.

So are all the other people in that Twitter conversation, most of whom are more than a little bit skeptical of a completely unsubstantiated claim like this. All of the claimed elements of the "canary" are odd changes in the source code that were commented on long before they were "revealed" as parts of the canary. One of them is a change to source that post-dates the claimed 2004 date the canary was established.

No, this is espionage -- gathering information -- rather than a cyber attack -- which is causing damage. I don't know if Bahamas has defined a cyber attack as an act of war, though the US has (so it's only fair).

Espionage has always been illegal in the country it's conducted in. That's what covert operations are all about. In HUMINT (e.g., CIA), you can at least pursue, capture, arrest, and prosecute the agents. In SIGINT, there's not any real effective action the targeted nation can take against the perpetrators. That's in the realm of international agreements and war to solve. I'd prefer the former. I honestly think that the US gov't, faced with the choice between stopping this behavior and the international tizzy that a "war" with the Bahamas would cause, would choose the former. It's just a matter of people forcing the issue.

Python is also extremely popular in scientific computing, particularly if you're doing data analysis. It's a better, free replacement for Matlab. All of the real, serious computational work is done by calling native libraries, naturally.

Serious scientific computation, particularly libraries and important models, are still frequently in Fortran, though I've seen a lot in C and C++ too.

It's very uncommon for LE to sit there trying different passcodes. They'll either use a tool that bypasses the passcode completely or they'll ask Apple.

If you're concerned about someone who has physical possession of your phone accessing data stored on it, a Cyanogen Android phone isn't helping you one bit.

If you have some ideological goal unrelated to the security problem being discussed here, maybe.

They mean functional. If you break the screen, they may still do it. Drop it in some water, though, and it may be hosed enough for them to not bother. (Really, the "in good working condition" statement is there for one purpose: it says that they won't go to any extreme measures to make it work. They have a process in place for doing this, and if it's successful, they'll give you the data; if it's not, they're not doing experimental forensics for you.)

I was thinking more of something you could do to secure your phone if you *suspect* it may be taken. You know, something reversible in the event that it's not. Breaking your phone is a one-time-only operation.

I haven't actually disassembled an iPhone to see if it has an exposed JTAG header. I've connected to a lot of other consumer devices with JTAG, though. It's extremely common to disable JTAG entirely on the devices that are sold to consumers (though the header and traces are still there, they just don't do anything). Most devices where it does work only talk on JTAG if the device powers up with something connected to the header -- which eliminates using it for RAM access for forensic purposes. Lots of densely-packed consumer devices actually don't have the JTAG headers on them at all. It's very inconvenient.