Let's not forget that the Snowden documents are now a year and a half old. A year and a half ago, everyone thought the ciphers and protocols were good enough. Fast forward to the eve of 2015 and we know better. We have a new sense of what is state of the art. We know not to use ciphers with static keys that could be subject to subpoena requests and so on a so forth. I'm not so naïeve to believe that new ciphers will stop them in their tracks. The still have incredible resources to draw upon. We just have new speed bumps.

I suspected it was last straw. She was looking for an excuse.

That said, however, lawyers in good standing enjoy a legal privilege of being able to discuss matters with clients in confidence and be able to withhold those discussion from the government. If you can't communicate privately the privilege is eviscerated.

Perhaps she wasn't so much worried about herself than the confidential sources she used?

And don't forget to ask what language was that high level language written in?
Ruby - written in C
Erlang - written in C
Node.js - written in C with a few x86 and ARM assembler bits
Perl - written in C
Python - written in C

And the truly mind-numbing one: GNU C compiler - written in C.

I add, ServerAliveInterval 60, to my $HOME/.ssh/config file just because of appliances that are too dumb to handle long TCP connections.

I have worked with IT professionals at a military installation. Their improvisational talent is amazing when it comes to figuring out a way to get something done within the crazy rules they have to follow.

Lock Switch? Then you don't understand the problem. The problem is that in many USB Flash are two chips: a computer and memory. The host PC communicates with the USB controller and the controller talks to the memory. Most controllers are just a version of the 8051 CPU with USB logic bolted on. The lock switch would be a high-level function that returns an error on a generic block device write command. Hacking the USB device isn't hacking the flash memory, it's hacking the firmware on the 8051. The Device Firmware Update function of USB that allowed that 8051 computer to be reprogrammed should be disabled.

For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CA can mint a certificate for ANY website.

Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court ordered warrant with gag-order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates

We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for MyBank.com?

I'd worry about people hacking my car about the same time as I'd worry about people cutting my brake lines.

This technique works for data drives not boot drives: 100% full disk encryption. When you decommission the drive, decommission the encryption key. This technique also works with wear leveling SSD drives that might not always properly erase if you attempt to wipe the data.

I'm running the same hardware. It's solid. Love it.

Right. The other part of the issue is why didn't anyone write a test to verify that the buffer overflow detection code actually detects when you overflow buffers?

I'm a fan of computing par2 repair blocks at a 15%. Every so often run a par2verify.

This is what I use.
alias tm='tmux att || tmux'

That and if Novell had implemented a network ID registration entity. Many Novell installations used network ID 00:00:00:01 because that's what was in the manual. This made them unconnectable for all intents and purposes.

Thanks for the Command and Conquer reference. It made my day.