
Comment Re:Socketed Firmware Here We Come (Score 4, Insightful) 120

Yeah, but it immensely complicates incident recovery. Rebuilding a compromised system isn't enough if you can't trust the BIOS anymore. It's only a matter of time before the compromised BIOSes adapt to re-compromise the new BIOS as it's written, so re-flashing the BIOS of a compromised computer isn't a good long-term fix.

Does this make a compromised computer basically a paperweight? That's going to turn IT into a really expensive scene really quickly.

Comment Re:Good grief.... (Score 1) 6

I didn't notice the "days" links at the bottom until reading your description. At a quick glance, it just appeared that they removed the links to older articles on the home page. Those links could use more of a visual hint that they're for navigating the site and not just the standard background noise you see at the bottom of most websites.

Comment Re:Actually, ADM Rogers doesn't "want" that at all (Score 1) 406

A few more thoughts:

1) Part of the reason this whole thing is coming up is that Apple said that they were going to modify the encryption on iPhones so that they couldn't decrypt them either. It's at that point that the big push for breakable encryption started. So, saying that this is just about companies giving the NSA data that the companies already have isn't true. A subpoena/NSL/FISA court order is sufficient for legal access to data that the companies already have. If that were all the NSA/FBI/etc. wanted, then they already have the tools to get that data.

2) Given that, it is imperative that the people asking for the change explain why subpoenas/NSLs/FISA court orders are insufficient. I haven't heard a single thing about that, *except* in the context of companies like Apple enabling encryption and *not* escrowing the keys. That puts a lie to the idea that this is just about accessing data that the companies already have.

Lastly, please don't make "talk like adults" sideswipes... you're assuming bad faith on the part of your commenters (me, in this case), which you have no evidence of. This is a very passive-aggressive way of insulting your debate partner. If you'd really like to debate, this is not helpful.

Comment Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Interesting) 406

There are multiple problems with your statement. Let's look at them all, shall we:

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law

No. The trigger for this isn't that companies are holding data... it's that users have data, and the NSA wants to force the companies to keep/get access to their users' data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its users' data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data

Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

then I would ask what you think about the German and Japanese codes in WWII?

Attacking RSA/DSA/AES/etc is the NSA's job. If they can do that, fine. Deliberately weakening an existing system to make it *easier* for them to do those attacks isn't our job, or our problem. If they want to beat their heads against AES, go for it. But that's not a valid reason for country-wide key escrow.

Lastly, on the specialness of America: Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc. to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.

Comment Re:Why? (Score 2) 253

There's one problem it won't fix: the Greek debts to the EU are not going to shift to the new currency just because Greece does. The debts to the rest of the EU will remain in Euros, and if the Greek "new Drachma" devalues massively compared to the Euro, the relative loan repayments in new Drachma will go up correspondingly.

Greece can't print their way out of the loans. They can print their way to cheaper exports, yes... but they can't print their way out of the loans.

Feed Techdirt: The World's Email Encryption Software Relies On One Guy, Who Is Going Broke (google.com)

The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.

Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.

"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."

Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.

Now, more than a year after Snowden's revelations, Koch is still struggling to raise enough money to pay himself and to fulfill his dream of hiring a full-time programmer. He says he's made about $25,000 per year since 2001 — a fraction of what he could earn in private industry. In December, he launched a fundraising campaign that has garnered about $43,000 to date — far short of his goal of $137,000 — which would allow him to pay himself a decent salary and hire a full-time developer.

The fact that so much of the Internet's security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.

Koch's code powers most of the popular email encryption programs GPGTools, Enigmail, and GPG4Win. "If there is one nightmare that we fear, then it's the fact that Werner Koch is no longer available," said Enigmail developer Nicolai Josuttis. "It's a shame that he is alone and that he has such a bad financial situation."

The programs are also underfunded. Enigmail is maintained by two developers in their spare time. Both have other full-time jobs. Enigmail's lead developer, Patrick Brunschwig, told me that Enigmail receives about $1,000 a year in donations — just enough to keep the website online.

GPGTools, which allows users to encrypt email from Apple Mail, announced in October that it would start charging users a small fee. The other popular program, GPG4Win, is run by Koch himself.

Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. Prior to that, powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.

In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.

Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.

Koch's software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn't subject to U.S. export restrictions.

Koch continued to work on GPG in between consulting projects until 1999, when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. The money allowed him to hire a programmer to maintain the software while also building the Windows version, which became GPG4Win. This remains the primary free encryption program for Windows machines.

In 2005, Koch won another contract from the German government to support the development of another email encryption method. But in 2010, the funding ran out.

For almost two years, Koch continued to pay his programmer in the hope that he could find more funding. "But nothing came," Koch recalled. So, in August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.

But after the Snowden news broke, Koch decided to launch a fundraising campaign. He set up an appeal at a crowdsourcing website, made t-shirts and stickers to give to donors, and advertised it on his website. In the end, he earned just $21,000.

The campaign gave Koch, who has an 8-year-old daughter and a wife who isn't working, some breathing room. But when I asked him what he will do when the current batch of money runs out, he shrugged and said he prefers not to think about it. "I'm very glad that there is money for the next three months," Koch said. "Really I am better at programming than this business stuff."

Related stories: For more coverage, read our previous reporting on the Heartbleed bug, how to encrypt what you can and a ranking of the best encryption tools.

Republished from ProPublica. ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

Comment C# maybe. Not VB. (Score 1) 648

I could see an argument for C# maybe, but not VisualBasic. I like Python best, but C# programs do usually run faster and the harder type checking is helpful most of the time. I wish C# had real decorators, had an unlimited lossless big number class with its existing number classes in a logical hierarchy under it, had a standard epochs-based date time class, had a standard way to flag any variable as un-nullable, had a standard way of defining order-aware structures for import/export, had a standard way of creating event logged data, and had events that weren't a bit wonky and mysterious. It'd be nice if there was a way to create a subprocess that acted as its own program with its own memory, disk permissions, etc., but I can't say I've seen any other language get that right either. At least VB essentially maps all the same underpinnings as C#, just not as well and using weird terminology and syntax. Python has its own unique syntax, but it's clean and uses pretty standard terminology.

Comment Re: a better question (Score 1) 592

I used to always custom build all my own boxes and carefully tune my Linux installs. For certain things I still do, but it's rare now. I use MacOS for my desktop because I used Linux as my primary desktop for over a decade and it always sucked. If anything, I'd say it got worse with time. Too much work on the look and not enough work on solid underpinnings. And MacOS has solid developer tools and a Unix command-line. For servers I mostly use cloud services such as Amazon. I went through the stages of having my own server clusters, then virtualized server clusters, and pretty much eventually ended up with a custom solution very close to what Amazon now offers but with less hardware available and at much greater cost. Usually I'm still running Linux instances, but I prefer when I don't have to know what the OS is at all. For most of my personal computing I actually use my iPad. I even prefer coding from it. Unfortunately I've mostly moved to C# for development and I've yet to find a decent programming environment on the iPad for it. May end up writing my own.

User Journal

Journal Journal: I logged in. 2

I was doing some research for a project and happened back here. Hello slashdot.

Find me on Twitter, or put dot com after my user name.
